Two new phishing campaigns have been uncovered recently that have seen phishers sink to new depths. An active shooter phishing campaign has been discovered that uses fear and urgency to steal details, while a Syrian refugee phishing campaign focuses on the compassion of people to increase the probability of victims paying ransom demands.
Active Shooter Phishing Campaign
Mass shootings at U.S schools are increasing, with the most recent incident in Parkland, Florida putting teachers and other staff on high alert to the threat of campus shootings. A rapid response is vital when an active shooter alert is released. Law enforcement must be notified swiftly to apprehend the suspect and children and staff must be safeguarded.
It is therefore no shock that fake active shooter threats have been deployed in a phishing campaign. The emails are created to get email recipients to click without considering the possible threat and have been developed to cause fear and panic.
The active shooter phishing campaign was being deployed in a targeted attack on a Florida school – an area of the country where teachers are extra sensitive to the threat of shootings, given previous events in the state.
Three active shooter phishing email variants were made known to the anti-phishing and security awareness platform provider KnowBe4, all of which were used to bring recipients to a fake Microsoft login page where they were asked to enter in their login details to view the alert. Doing so would give those credentials to the hacker.
The email subject lines used – although other variants could also be in use – included:
- IT DESK: Security Alert Reported on Campus
- IT DESK: Campus Emergency Scare
- IT DESK: Security Concern on Campus Earlier
It is highly probable that similar campaigns will be carried out in the future. Despite the level of urgency, the same rules apply. Stop and consider any message before taking any action suggested in the email.
Syrian Refugee Phishing Campaign
Phishing campaigns often piggy back on crises, major world events, and news of sports tournaments to get users to visit links or open email attachments. Any news that is current and holding a lot of interest is more likely to result in users taking the desired action.
There have been many Syrian refugee phishing campaigns run in recent months that focus on the compassion to infect users with malware and steal their credentials. Now experts at MalwareHunterTeam have uncovered a ransomware campaign that is using the awful situation in Syria to convince victims to pay the ransom – by claiming that the ransom payments will go to a very good cause: Helping refugees.
Infection with what has been labelled RansSIRIA ransomware will see the victim shown a ransom note that claims all ransom payments will be sent to the victims of the war in Syria. A link is also given for a video showing the seriousness of the situation in Syria and links to a WorldVision document explaining the plight of children impacted by the war.
While the document and images are authentic, the claim of the hackers is likely not. There is nothing to suggest that any of the ransom payments will be directed to the victims of the war. If infiltrated the advice is not to pay and to try to rescue files by other means. If you would like to help the victims of the war, make a donation to a registered charity that is working in the region.
