Kaspersky Reveals How Online Criminals Campaign Phishing

JAKARTA - In 2022, Kaspersky experts will see an increase in spear-phishing (or phishing targeted) attacks targeting businesses around the world.

In addition to a typical campaign consisting of one stage, there have been attacks in several stages. To find out how phishing campaigns unfolded, Kaspersky shared the way the criminals worked.

Stage 1: The attacker sent an email on behalf of the organization, asking for more information about the victim's company's products. The email text may not have any suspicious elements, but many of them use email addresses from free domains, such as gmail.com.

It should be noted that the use of free domains is unusual for spear phishing on behalf of organizations, as such domains are rarely used in business.

In targeted attacks, attackers often use spoiling from the legitimate domain of the organization they use as a cover, or register a domain similar to the original. So, attackers use different addresses in the From (where the email comes from) and a Reply-to (reply-to email address).

Phase 2: After the victim responded to the first email, the attacker sent a new message, asking them to go to the file sharing site (file-sharing) and linked PDF files with orders that were completed, which could be found via the link.

Phase 3: By clicking the link, the user will be taken to a fake site created by a well-known phishing kit. This is a fairly simple tool that generates phishing pages to steal credentials from certain resources.

Tahap 4: Saat korban mencoba masuk, nama pengguna dan kata sandi mereka dikirim ke https://pbkvklqksxtdrfqkbkhszgkfjntdrf[.]herokuapp[.]com/send-mail.

So be careful when receiving emails that come to you. Otherwise you will be the next phishing target.