19 min read

2022 Year In Review

By WMC Global Threat Intelligence Team on 1/31/23 1:51 PM

The WMC Global Threat Intel Team observed a noticeable escalation in targeted and sophisticated phishing campaigns throughout 2022, with a surge in SMS phishing and a decrease in campaigns featuring large corporations. Threat actors began to shift their focus to developing smish-to-vish campaigns campaigns where threat actors use phone numbers in SMS messages as opposed to link-based phishing. In 2022, we also finally saw a move away from Covid-19 phishing lures as pandemic-related government funds and support stopped. Several new threat actors made an appearance in 2022 with prolific and novel campaigns explored below targeting banks and big name brands.

The latest US trend has seen threat actors moving from generic, wide-reaching phishing attacks using major banks as lures to targeted attacks featuring small credit unions. Although customers of financial institutions are the most common mark, there was a jump in threat actors specifically targeting credit union customers throughout the US, whereas in the UK a prevalent phishing campaign took advantage of the government-backed energy rebate scheme as energy prices peaked at an all-time high. As expected, big brands like Microsoft, Apple, Netflix, and PayPal were still targeted regularly throughout the year. 

Topics: SMS Attack Phishing Phishing Kit Microsoft Office 365 Banking Hermes Courier Scam Food Delivery Service Phishing SMS Phishing Just Eat Uber Eats Credential Phishing Food Delivery App Phishing package delivery scam
4 min read

Hermes SMS Courier Scam

By WMC Global Threat Intelligence Team on 4/27/21 1:05 PM

Threat Summary

New phishing campaigns are targeting mobile devices to deliver fraudulent courier delivery notifications to potential victims. While many organizations secure email and Microsoft Office applications directly within mobile phones, SMS threats are typically out of scope for many security teams, letting attackers exploit the lapse in coverage to leverage both consumer and business credentials. WMC Global's Threat Intelligence Team is currently tracking an increase in SMS-based courier scams in the United Kingdom. By the end of March over 5000 phishing URLs had been collected targeting Hermes alone. Targeted couriers are Hermes, DPD, and Royal Mail, with Hermes seeing a notable increase in distribution.

Topics: SMS Attack Phishing Hermes Courier Scam
Content not found