Canadian Business Banking Customers Hit With Targeted Phishing, Account Takeover Attacks

This post was co-authored by IBM X-Force’s Ilya Kolmanovich

---

IBM X-Force research has been following the activity of a cybergang that has been targeting Canadian businesses with customized phishing attacks, likely operating out of Ukraine. The attacks are designed to trick those with account access to divulge their company’s online banking credentials, one-time passwords and two-factor authentication codes. The goal of this targeted phishing attack is to take the account over and transfer money to mule accounts that the criminals control.

A Custom-Crafted Email Arrives

The first step in the attacks is an email. Much like other targeted attacks, this was a spear phishing email that was sent to very specific stakeholders with content made to appear legitimate, featuring the correct bank logos and accurate information. Inside that email, the storyline that was designed to gain the victim’s trust came in PDF format. This enabled the threat actors to hide the URL links, keywords and brand abuse from detection mechanisms that would pick these elements up had they been included in the body of the email. It also enabled them to ensnare users who possess enough security awareness to avoid clicking suspicious links in email messages.

To set up for the email campaign, the attackers registered a few domains and created email addresses that contained the bank’s name and appeared to represent the bank’s customer service, security or technology departments.

Continue reading this post here.