Agency in UK warns about phishing campaigns

National Cyber Security Centre (NCSC) emite alerta sobre phishing
Compartilhar no facebook
Compartilhar no twitter
Compartilhar no linkedin
Compartilhar no reddit
Compartilhar no whatsapp

“The NCSC is investigating a large-scale phishing campaign affecting sectors including transport, engineering and defence”. This is how one of the recent NCSC (U.K.’s National Cyber Security Center) advisory begins.

The NCSC also says in the document that it doesn’t know the origin of the attacks, but that the techniques used suggest a coordinated and structured criminal activity.

Potential victims have received emails from people they know, from their supply chain. These people have had their accounts compromised, which lures the victims because the fraud seems legitimate.

In the scam, fraudsters ask recipients to click on URLs or open PDF files in the email. The links contain clones of login pages of services such as Apple and Office365, another technique that gives even more legitimacy to the fraud.

Table of Contents

Identify advanced and targeted threats and block them faster with Gatefy
Icon of the Gatefy's cloud email security solution.

Here you can see some samples of the malicious links

• hxxps://consejo.unam.mx/includes/Office365-K/Microsoftdocs/
• hxxps://pkgdonation.com/
• hxxp://gok.lapszenizne.pl/media/Office365-K/Microsoftdocs/
• hxxps://bit.ly/2HcLEe1/
• hxxps://hdl.handle.net/11346/Capital
• hxxp://hdl.handle.net/11346/Completed
• hxxps://drive.google.com/file/d/1QVEkE6lizP9Vs3teL0Mn1yD0Wfj6YLCq/view?usp=sharing
• hxxp://hdl.handle.net/11346/Follow-Up-A36K
• hxxp://hdl.handle.net/11346/IYM5
• hxxps://www.watchdog.org.nz/rssb-bidding/Files
• hxxps://ofhsiaterldmns.ga/drive/Speedx/Speed/
• hxxp://investment.tn/property
• hxxps://imrmedical.net/12/12/pass.php
• hxxps://imrhealthjobs.com/veriffy/c3e2abd83662636155fd30f4aa71403e/
• hxxps://imrhealthjobs.com/umped/2b7d76425a660b781846077a643a1cf4/

Always be alert

Therefore, we reinforce our advice to always be suspicious of emails that contain links and attachments, and of messages that treat the subject as urgent. It is important to keep in mind that we are all potential victims of attacks and need to be alert.

The fact that the criminals are using compromised accounts increases the chances of their success. In these specific cases, as the NCSC points out, it is fundamental to:

• Check the way the email was written;

• Verify the address of the URLs that the browser shows;

• Contact the sender in case of mistrust.

Another important tip is to beware of logins and passwords. Using strong passwords and varying them may help a lot in situations like this. Sometimes criminals only need one password to have unrestricted access.

Access the NCSC advisory

Click here or over the image.

National Cyber Security Centre (NCSC) sends an alert on phishing
Improve your business’s email security. Schedule a demo!
Don't forget to share this post
Compartilhar no facebook
Compartilhar no twitter
Compartilhar no linkedin
Compartilhar no reddit
Compartilhar no whatsapp
Related Articles