2 min read

Phishers Likely Copying Ransomware-as-a-Service Model, FBI Says

Filip TRUȚĂ

November 25, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Phishers Likely Copying Ransomware-as-a-Service Model, FBI Says

Cyber criminals are likely developing and selling tools that can harvest credentials and 2FA codes to defraud users, according to the Federal Bureau of Investigation (FBI). The Bureau has registered a recent spike in spear phishing email campaigns targeting consumers of brand-name companies.

The FBI warned Internet users in a public service announcement this week of “recent spear phishing email campaigns targeting consumers of brand-name companies, also known as brand-phishing, through their online User IDs and associated email accounts.”

“Cyber criminals are very likely developing and selling scamming tools to trick consumers of brand-name companies into revealing personal account information to compromise accounts and bypass online security protocols, most notably two-factor authentication (2FA),” the agency notes.

“Once detected, the consumer is redirected to an email scampage of the same email domain to steal their email account login and password information,” the announcement reads. “When cyber criminals gain access to a consumer’s online and email accounts, cyber criminals may be able to intercept emails with 2FA codes that are used to make significant changes to online accounts, update passwords, verify user access, or change security rules and setup before the account owner is notified and aware.”

The FBI says the scammers embroiled in this campaign have adopted a method similar to the ransomware-as-a-service model, selling the tools to affiliates and offering “their own ongoing technical support.”

“Much like the threat with ransomware-as-a-service, this type of product-as-a-service distribution of scampage and credential harvesting tools presents an increased nationwide risk to private sector businesses and their consumers,” the Bureau notes.

“Cyber criminals are also motivated to sell these scampage tools to other users, regardless of their programming skills, which generates revenue and adds to the threat from these credential harvesting methods and tactics,” the agency stresses.

Spear phishing persists as a growing risk across the world, according to the agency, and users are urged to report any such scam attempts to the Internet Crime Complaint Center (IC3).

The Bureau urges consumers to keep using 2FA and/or multi-factor authentication (MFA) options, but to avoid using their primary email address for logins. Preferably, users should create a unique username not associated with their primary email address.

Bitdefender Digital Identity Protection (DIP) lets you control your digital footprint by continuously monitoring for data breaches and social media impersonators. Digital footprint monitoring only uses information provided (email address and phone number) when signing up to the service. DIP helps find your private information online in legal and illegal collections of data, and helps you stay on top of new breaches and privacy threats with instant alerts and monitoring.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant
Filip TRUȚĂ

December 03, 2021

2 min read
WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out
Silviu STAHIE

December 03, 2021

1 min read
Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack
Graham CLULEY

December 03, 2021

2 min read