Shipping-Themed Phishing Attacks Aiming at Middle East and Africa
Researchers
|
The Middle East and Africa (MEA) area is being targeted by an increase in phishing schemes relating to shipping.
“The attacker uses various spoofing or bulk-message tactics to transmit a phishing link over SMS to victims in order to spread the fraud.”
Since the majority of victims open SMS messages on their phones, these links are usually customized for mobile devices. Depending on the user agent, phishing pages frequently behave differently and only display their entire content when viewed through a mobile browser.
“To make the page load properly and display the phishing material, the attacker frequently appends a mask or endpoint at the end of the URL, such as index.html, eg, i, org, or something like.” |
The Darcula phishing-as-a-service platform, which enables the attackers to launch region-specific phishing attacks at scale, is probably what they are utilizing.
Group-IB
|
“Localized targeting, in which the threat actor attempts to imitate the names of particular client businesses that are often used by the general public, makes this technique more plausible.”
“For instance, they would target a Middle East/Africa region entity with a URL such as meapostal[.]click/index.html.” |
To prevent falling for these attacks, users and organizations should adhere to security best practices.
Researchers
“Understanding how these fake messages operate is the first step in protecting yourself as they continue to spread over the world.”
“The fundamental line of defense for individuals is always to avoid clicking on unwanted tracking URLs. Use only legitimate links from e-commerce platforms and track numbers from your actual purchases and invoices to manually navigate to the official courier website and confirm the delivery status. To foster trust and shield clients against widespread social engineering threats, firms must take a proactive approach that includes public education, strong domain security, and the provision of verification tools.”
Conclusion
Now that we have talked about this phishing scam, you might want to know how to protect yourself against such phishing attacks. For that, you can go to phishnext, a specially designed platform for phishing attack simulations offered by Craw Security.
It helps users to learn evading techniques against phishing attacks and increase security in their working environment. What are you waiting for? Contact, Now!
