- Finance-themed phishing uses personalized subject lines and file names to deliver malware
- Travel- and response-themed phishing also use personalization to push information stealers and RATs
- Cofense advises verifying unexpected emails and keeping security tools updated
Attackers are increasingly personalizing phishing emails to deliver malware, experts have warned, with criminals reaping huge gains.
By adding the recipient's name, company and other details to subject lines, file names and message content, threat actors seek to make messages appear more legitimate, increasing the chances that recipients will open attachments or click links, Cofense researchers have revealed.
Cofense analyzed a year's worth of data and found that while several campaign themes use this tactic, finance-themed phishing was the most worrying because of its frequency and impact.
Be careful
Almost 22% of personalized-subject emails fell into this category, often pretending to be invoices, offers or payment summaries.
Many of these emails carried jRAT, a cross-platform remote access Trojan that gives attackers full control of a system, letting them steal files and install more malware.
Finance-themed phishing is particularly effective because it blends in with normal workplace communication: employees often expect emails about contracts or payment updates.
While finance-themed phishing accounted for 21.9% of personalized subject cases, other themes also used this approach.
Travel assistance was the largest category at 36.78%, often used to deliver the Vidar stealer under the guise of booking or itinerary updates.
Response-themed emails followed at 30.58%, frequently carrying PikaBot in messages disguised as meeting cancellations or order confirmations.
Tax-themed campaigns accounted for 3.72%, commonly involving Remcos RAT in password-protected archives, while notification-themed phishing also accounted for 3.72%, delivering various malware families, including WSH RAT and jRAT.
To counter these threats, Cofense advises verifying unexpected email requests via trusted channels, keeping antivirus and anti-malware tools up to date, and limiting public exposure of staff details to make targeting more difficult.
In summary, Cofense says: “Although personalized subject lines are not used in all malware email samples, it is a strong tactic to ensure that the recipient feels a higher sense of urgency that can lead to a successful infection. Particularly targeted emails delivering RATs or information stealers can be brokered to ransomware threat actors.”
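A defensive triage heuristic for the tactic described above, as an added example that is not from Cofense or the original article: it flags inbound mail whose subject line or attachment name embeds the recipient's own name or company alongside a lure keyword. The keyword list, function names and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Illustrative lure keywords (assumption), loosely following the themes named in the article.
THEME_WORDS = {"invoice", "payment", "quote", "booking", "itinerary", "order", "meeting", "tax"}

def recipient_tokens(msg):
    """Derive name/company tokens from the To: header (display name, local part, domain label)."""
    tokens = set()
    for display, addr in getaddresses(msg.get_all("To", [])):
        local, _, domain = addr.partition("@")
        parts = re.split(r"[^a-z0-9]+", f"{display} {local} {domain.split('.')[0]}".lower())
        tokens.update(p for p in parts if len(p) >= 4)  # drop short, noisy tokens
    return tokens

def personalization_hits(raw):
    """Return (field, token) pairs where a recipient token appears in the subject or an
    attachment file name, but only when that field also contains a lure keyword."""
    msg = message_from_string(raw)
    tokens = recipient_tokens(msg)
    fields = [("subject", msg.get("Subject", ""))]
    fields += [("filename", p.get_filename()) for p in msg.walk() if p.get_filename()]
    hits = []
    for name, value in fields:
        words = set(re.split(r"[^a-z0-9]+", value.lower()))
        if words & THEME_WORDS:
            hits += [(name, t) for t in sorted(tokens & words)]
    return hits

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: billing@vendor.example
To: "Dana Whitfield" <dana.whitfield@acmecorp.example>
Subject: Acmecorp payment summary for Dana
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached summary.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Invoice_Whitfield_Acmecorp.zip"

(constructed placeholder, no real content)
--b1--
"""
```

A hit is a reason to route the message for closer inspection, not a verdict: legitimate senders also address recipients by name, so the result is best combined with sender reputation and attachment analysis.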