Russian hacking group targets Ukraine with spear phishingĪs world leaders debate the best response to the increasingly tense situation between Russia and Ukraine, Microsoft warned in February 2022 of a new spear phishing campaign by a Russian hacking group targeting Ukrainian government agencies and NGOs. It’s easy to see how even a relatively scrupulous employee could fall for an attack like this-but the problem would not have arisen if the target organization had better email security measures in place. The site even displayed an “error” message after the first input, ensuring the target would enter their credentials twice and thus reducing the possibility of mistyped credentials. The fake bidding site instructed users to enter their Office 365 credentials. On clicking the link, targets were redirected to a phishing site that looked identical to the actual DoL site, hosted at a URL such as bid-dolgovus.
#Social engineering toolkit german pdf#
The supposed bidding instructions were included in a three-page PDF with a “Bid Now” button embedded. The emails used official DoL branding and were professionally written and invited recipients to bid on a government project. Using these domains, the phishing emails sailed through the target organizations’ security gateways. The attack used two methods to impersonate the DoL’s email address-spoofing the actual DoL email domain and buying up look-a-like domains, including “dol-govcom” and “dol-govus”. The scam is a noteworthy example of how convincing phishing attempts are becoming. In January 2022, Bleeping Computer described a sophisticated phishing attack designed to steal Office 365 credentials in which the attackers imitated the US Department of Labor (DoL). Persuasive email phishing attack imitates US Department of Labor Between 20, Rimasauskas and his associates cheated the two tech giants out of over $100 million. The scammers then sent phishing emails to specific Google and Facebook employees, invoicing them for goods and services that the manufacturer had genuinely provided - but directing them to deposit money into their fraudulent accounts. Rimsauskas also set up bank accounts in the company’s name.
Rimasauskas and his team set up a fake company, pretending to be a computer manufacturer that worked with Google and Facebook. The biggest social engineering attack of all time (as far as we know) was perpetrated by Lithuanian national, Evaldas Rimasauskas, against two of the world’s biggest companies: Google and Facebook. $100 Million Google and Facebook Spear Phishing Scam
0 kommentar(er)
