In the first quarter of 2022, we are witnessing the rise in data
theft malware activities and numerous malware campaigns. According to reports,
these campaigns delivered over 28,000 emails, which led to information-stealing
malware targeting sensitive information such as cryptocurrency wallets, files,
and SSH keys stored in the system.
WhatsApp Voice Message in Email
WhatsApp Voice Note in Email feature was introduced in 2013; the email campaign includes a WhatApp Voice Message with the subject of “New Incoming Voice message” and the body consists of “New Private Voicemail” along with the Play button.
The sender ID implied that the email originated from the Center for Road Safety of the Moscow Region server (cbddmo.ru). It indicates that the email server has been compromised in promoting phishing campaigns.
That message consists of the malware, in which the user clicks on the play button; it redirects to the page that notifies to allow permission from the browser. People who are unaware of malware campaigns would enable the notification, which further subscribes to adult sites, unnecessary ads, etc. Also, it will make users install the malware, which can lead to data theft.
Although this involves using WhatsApp mail to promote the
campaign, officially, WhatsApp does not have any connection with this campaign
and does not have any such domain or landing pages. The attackers did not even
use the logo of WhatsApp to avoid Gmail’s Verified Mark Certificate (VMC)
check.
What exactly is a Phishing Campaign?
The Phishing Campaign is an email scam performed to steal information from the targeted networks. It is an attempt done by the attackers to gather sensitive information about a person or organization, such as login credentials and credit card details, through emails.
Hackers can perform these campaigns by prompting official emails
that allow users to provide sensitive information as it looks identical to the
legitimate mail. Phishing is also used to spread malware by adding links,
buttons, or mail attachments.
Types of Phishing Campaigns
The primary aim of any phishing campaign is to steal personal information, and there are many different types of phishing as follows:
- Email Phishing
- Spear Phishing
- Smishing
- Vishing
- Whaling
- Clone phishing
- Social Media Phishing
- Pharming
- Business Email Compromise
- Search Engine Phishing
How to protect from
Email Campaign?
Awareness campaigns are the best way to educate employees or the working staff to make them identify the difference between legitimate and spoofed messages or emails. Employees need to check for the following tips before clicking or opening a message or a URL:
- Check for the email domains
- Do not click on pages that alert you in a suspicious way
- Do not allow permission to a page that is unfamiliar
- Should prefer using official websites which are familiar
About InfosecTrain
InfosecTrain is one of the best Security and
Technology Training and Consulting organizations that provides a wide range of
IT Security Training and Services. It offers well-designed instructor-led
courses over various certification programs related to cybersecurity and
Information Security. These courses would help you to enhance your skills and
become professional.