2 min read

Phishers Likely Copying Ransomware-as-a-Service Model, FBI Says

Filip TRUȚĂ

November 25, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Phishers Likely Copying Ransomware-as-a-Service Model, FBI Says

Cyber criminals are likely developing and selling tools that can harvest credentials and 2FA codes to defraud users, according to the Federal Bureau of Investigation (FBI). The Bureau has registered a recent spike in spear phishing email campaigns targeting consumers of brand-name companies.

The FBI warned Internet users in a public service announcement this week of “recent spear phishing email campaigns targeting consumers of brand-name companies, also known as brand-phishing, through their online User IDs and associated email accounts.”

“Cyber criminals are very likely developing and selling scamming tools to trick consumers of brand-name companies into revealing personal account information to compromise accounts and bypass online security protocols, most notably two-factor authentication (2FA),” the agency notes.

“Once detected, the consumer is redirected to an email scampage of the same email domain to steal their email account login and password information,” the announcement reads. “When cyber criminals gain access to a consumer’s online and email accounts, cyber criminals may be able to intercept emails with 2FA codes that are used to make significant changes to online accounts, update passwords, verify user access, or change security rules and setup before the account owner is notified and aware.”

The FBI says the scammers embroiled in this campaign have adopted a method similar to the ransomware-as-a-service model, selling the tools to affiliates and offering “their own ongoing technical support.”

“Much like the threat with ransomware-as-a-service, this type of product-as-a-service distribution of scampage and credential harvesting tools presents an increased nationwide risk to private sector businesses and their consumers,” the Bureau notes.

“Cyber criminals are also motivated to sell these scampage tools to other users, regardless of their programming skills, which generates revenue and adds to the threat from these credential harvesting methods and tactics,” the agency stresses.

Spear phishing persists as a growing risk across the world, according to the agency, and users are urged to report any such scam attempts to the Internet Crime Complaint Center (IC3).

The Bureau urges consumers to keep using 2FA and/or multi-factor authentication (MFA) options, but to avoid using their primary email address for logins. Preferably, users should create a unique username not associated with their primary email address.

Bitdefender Digital Identity Protection (DIP) lets you control your digital footprint by continuously monitoring for data breaches and social media impersonators. Digital footprint monitoring only uses information provided (email address and phone number) when signing up to the service. DIP helps find your private information online in legal and illegal collections of data, and helps you stay on top of new breaches and privacy threats with instant alerts and monitoring.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

1.8 Million Texans Caught in TDI Data Breach 1.8 Million Texans Caught in TDI Data Breach
Silviu STAHIE

May 20, 2022

1 min read
Your Identity is Being Traded on The Internet Every 2.5 Minutes Your Identity is Being Traded on The Internet Every 2.5 Minutes
Radu CRAHMALIUC

May 20, 2022

3 min read
Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For
Silviu STAHIE

May 19, 2022

3 min read