The Gift That Keeps on Taking
This year, many people awoke on Christmas morning and were delighted to find Amazon gifts card delivered to their email. For some, however, the email they clicked on wasn’t really from Amazon, but part of a phishing campaign. What they actually received was the gift of a Trojan horse in their email. It’s enough to make anyone pause, because even though we’d like to think we’d be savvy enough to catch a phony scam, the truth is that hackers are getting more sophisticated with how well they can disguise their malware. Let’s take a look at this particular email attack, and help you to reduce your chances that you’ll be their next victim.
To begin with, when the email was opened, the virus didn’t automatically get installed. The recipient was asked to click on an “enable content” button under the premise that the attachment to the gift card was created in an online version of Microsoft Office. Once the button was clicked, it allowed malware to be downloaded and installed to whatever computer the user was on.
The particular type of malware that came through in this latest attack was the Dridex Virus. The original version of Dridex first appeared back in 2012, and over the years has become one of the most prevalent financial Trojans. Up until now, the cybercriminals using it have mainly targeted the financial sector, including the banking industry and its customers. One of the reasons why this incarnation of Dridex is so dangerous is because it has been known to give threat actors, such as DoppelPaymer, access to compromised systems to deploy ransomware. The FBI issued a warning last month that predicted DoppelPaymer attacks would see a spike in activity. In 2019, the hackers hit several high-profile targets, including Chile’s Ministry of Agriculture.
This is the first time DoppelPaymer has gone after people via a fake gift card, and the recent change in the ways the attacks are being targeted have left many scratching their heads. There could be many reasons for this. Some speculate that the answer that makes the most sense is simply that with many people celebrating the holidays in isolation this year, online shopping has seen an increase, and hackers, sensing that Amazon gift cards would be a popular gift, are looking to exploit any opportunity to profit. Others worry that the reasons could be much darker.
Typically Dridex tries to lure unsuspecting users to click on an attachment in their email to access the content, in this latest case a gift card. But you can stay clear of becoming a victim by remembering just a few simple rules.
To begin when you get any type of gift card, especially one from Amazon, it will never ask you to download an attachment. A legitimate gift card from Amazon will send you an email indicating who the gift is from, as well as a code in the message that you enter on the Amazon website to add funds to your account. If you get an email that purports to be from Amazon and it’s asking you to download an attachment in a Microsoft Word document, anything resembling such, close the email immediately, and mark it as spam. If you think the gift card might be legitimate, contact the sender via phone, as opposed to email, to find out if it was from them or not.
Scammers also went after online shoppers, too. In one instance, a fake website was set up to lure unsuspecting Target gift card recipients to check their balance. Once the card number was entered, the bad guys had all they needed to go on an illegal shopping spree. Bleepingcomputer reported in a recent article that in some instances, the differences between Target’s actual page and the imposter are so minute that most people would not notice the differences. The layout, text, and colors are a very good imitation. To further obfuscate the user, once their information is entered, they get a “checking balance” message that buys considerable time, and eventually appears to “time out,” telling the user that an error has occurred, and verification has failed. Most people assume the issue is either a user error, or that online traffic is maxing out the site, causing it to crash. They then go about their business, intending to check back layer, and never suspect that they’re been scammed.
When people we consider naïve get scammed, we comfort ourselves with the thought that we would have been savvier and not fallen for it. But it’s super frustrating when the hackers are getting better all the time and we see something that we probably would have fooled even us. In the case of the Target gift card scam, the only “tell” is that the web address is a bit suspect, and none of the links on the rest of the page work. But during the holiday season, when people are overloaded with trying to get shopping done, or after the holiday when they are trying to come down from having brain overload, it’s understandable that sometimes things slip by that we might otherwise be wise to.
Especially if they’re cleverly disguised and seem familiar to what we’re used to seeing, with only slight differences.
What we can tell you is to always, always trust your gut. As cybercriminals continue to get more sophisticated with their tactics, while following these guidelines will help you to avoid most scams, there is no exhaustive list that covers every single situation. Most of the time though, you will have a nagging feeling that you need to slow down before you click. Pay attention to that.
As always, if you want to train your employees on how to spot phishing scams, Buzz Cybersecurity has our Lunch and Learn Program that will be continuing in 2021. Contact us today to learn more and schedule us to come out and educate your employees on how to take ownership of protecting your company’s assets!