- Finance-themed phishing uses personalized files and names to deliver malware
- Travel- and response-themed phishing also use customization to boost information theft and RAT delivery
- Cofense urges verification of unexpected emails and updates to security tools
Attackers are increasingly personalizing phishing emails to deliver malware, experts have warned, and criminals are reaping huge profits.
By adding the recipient's name, company and other details to subject lines, file names and message bodies, threat actors seek to make the messages look more legitimate, which increases the chances that recipients will open malicious attachments or click through, Cofense researchers have revealed.
Cofense analyzed one year of data and found that, although several campaign themes use this tactic, finance-themed phishing was the most worrisome due to its frequency and impact.
Stay safe
Almost 22% of the emails with personalized subject lines fell into this category, often posing as invoices, tenders or payment summaries.
Many of these emails delivered jRAT, a multiplatform remote access Trojan that can give attackers total control of a system, steal files and install more malware.
Finance-themed phishing is particularly effective because it blends in with normal workplace communication, since employees often expect emails about contracts or payments.
While finance-themed phishing represented 21.9% of the personalized-subject cases, other themes also made intensive use of this approach.
Travel assistance was the largest category at 36.78%, often used to deliver Vidar Stealer under the guise of reservations or itinerary updates.
Response-themed emails followed at 30.58%, often carrying Pikabot in messages disguised as meeting messages or confirmations.
Tax-themed campaigns represented 3.72% and commonly involved RATs in password-protected files, while notification-themed phishing also represented 3.72%, delivering several malware families, including WSH RAT and jRAT.
To counter these threats, Cofense advises verifying unexpected email requests through trusted channels, keeping antivirus and malware-removal tools updated, and limiting the public exposure of staff details to hinder targeting.
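A mail-triage check for the pattern described above, as an added example that is not Cofense's tooling: it flags a subject line or attachment name that combines the recipient's own name or company with one of the five themes. The keyword lists, the idea of deriving personal tokens from the `To:` header, and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed keyword lists for the five themes the article names (illustrative).
THEMES = {
    "finance": {"invoice", "tender", "payment"},
    "travel": {"reservation", "itinerary", "booking"},
    "response": {"meeting", "confirmation"},
    "tax": {"tax"}, "notification": {"notification"},
}
SPLIT = re.compile(r"[^a-z0-9]+")

def personal_tokens(to_header):
    """Name, mailbox and company tokens (>= 4 chars) taken from the To: header."""
    name, addr = parseaddr(to_header)
    local, _, domain = addr.partition("@")
    words = SPLIT.split(f"{name} {local} {domain.split('.')[0]}".lower())
    return {w for w in words if len(w) >= 4}

def score_message(raw):
    """Return (field, personal tokens, themes) for each field that has both."""
    msg = message_from_string(raw, policy=policy.default)
    personal = personal_tokens(str(msg.get("To", "")))
    fields = {"subject": str(msg.get("Subject", ""))}
    for part in msg.walk():
        if part.get_filename():
            fields["attachment:" + part.get_filename()] = part.get_filename()
    hits = []
    for where, text in fields.items():
        low = text.lower()
        matched = sorted(p for p in personal if p in low)  # substring: catches JaneDoe.zip
        themes = sorted(t for t, kws in THEMES.items() if kws & set(SPLIT.split(low)))
        if matched and themes:
            hits.append((where, matched, themes))
    return hits
# Constructed sample messages (not real traffic).
SAMPLE_PERSONALIZED = """\
To: Jane Doe <jane.doe@examplecorp.example>
Subject: Invoice for Jane Doe - ExampleCorp payment summary
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Disposition: attachment; filename="ExampleCorp_Invoice_Jane.zip"

(constructed placeholder body)
--b1--
"""
SAMPLE_GENERIC = "To: Jane Doe <jane.doe@examplecorp.example>\nSubject: Payment summary for March\n\nSee portal.\n"
```

A hit is a prompt to verify the request through a trusted channel, not a verdict, because legitimate invoices and itineraries also carry the recipient's name.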
In summary, Cofense says: “While personalized subject lines are not used in all malware email samples, it is a strong tactic to make the recipient feel a greater sense of urgency that can lead to a successful infection. Particularly specific emails that deliver RATs or information stealers can be notable to provide remote access or credentials of trunks that can be corrected by Threats of threats of threats.”