Cybersecurity researchers at Abnormal Security have warned of a new phishing campaign in which threat actors impersonated UPS and FedEx and sought to steal people's sensitive and payment data.
This would be nothing out of the ordinary, except that the campaign shows a “stunning level of phishing” and the emails distributed are “particularly convincing.”
In a detailed analysis published on Abnormal's blog, the company explained that at first glance, this phishing campaign doesn't differ much from what we've seen so far. Attackers impersonate shipping companies and tell their victims that they have a package on the way or that it can't be delivered.
Scammers invite victims, via a link in the email, to resolve the problem quickly by sharing their personal and payment details and, in some cases, even making small payments. Those who fall for the trick have their information stolen, and the attackers can sell it on the black market or use it to carry out more disruptive attacks.
Since payment data is also being stolen this time, it is likely that hackers will also try to empty the pockets of organizations around the world.
But this campaign is different, as the attackers actually went the extra mile to convince their victims that they were legitimate.
“Past fake push notifications often contained minimal text, limited formatting, and little to no mimicked branding beyond perhaps a single logo,” the researchers explained. “These campaigns, on the other hand, include a remarkable level of detail and incorporate the impersonated operator’s branding not only in the initial messages but also in the multi-step phishing sites. Furthermore, from a grammar, spelling, and syntax standpoint, the text of the emails is essentially flawless.”
Either the attackers tried really hard or they found “particularly sophisticated” new phishing-as-a-service kits somewhere on the dark web. Time will tell.