19 min read

2022 Year In Review

By WMC Global Threat Intelligence Team on 1/31/23 1:51 PM

The WMC Global Threat Intelligence Team observed a noticeable escalation in targeted and sophisticated phishing campaigns throughout 2022, with a surge in SMS phishing and a decrease in campaigns featuring large corporations. Threat actors began to shift their focus to developing smish-to-vish campaigns campaigns where threat actors use phone numbers in SMS messages as opposed to link-based phishing. In 2022, we also finally saw a move away from Covid-19 phishing lures as pandemic-related government funds and support stopped. Several new threat actors made an appearance in 2022 with prolific and novel campaigns explored below targeting banks and big name brands.

The latest US trend has seen threat actors moving from generic, wide-reaching phishing attacks using major banks as lures to targeted attacks featuring small credit unions. Although customers of financial institutions are the most common mark, there was a jump in threat actors specifically targeting credit union customers throughout the US, whereas in the UK a prevalent phishing campaign took advantage of the government-backed energy rebate scheme as energy prices peaked at an all-time high. As expected, big brands like Microsoft, Apple, Netflix, and PayPal were still targeted regularly throughout the year. 

Topics: SMS Attack Phishing Phishing Kit Microsoft Office 365 Banking Hermes Courier Scam Food Delivery Service Phishing SMS Phishing Just Eat Uber Eats Credential Phishing Food Delivery App Phishing package delivery scam
1 min read

Emerging Trends in SMS Phishing

By WMC Global Threat Intelligence Team on 11/8/22 10:15 AM

WMC Global's Ben Coon, VP of Threat Intelligence, and Bobby Preston, Threat Analyst and Sr. Business Development Manager, presented at SaintCon this October.

Topics: SMS Attack Kit Analysis Phishing Phishing Kit Threat Intel finance 2FA Two-Factor Authentication Voice Passwords SMS Phishing Credential Phishing smishing Vishing financial institutions
6 min read

Threat Actor "Robin Banks" Phishing Kit Revisions

By WMC Global Threat Intelligence Team on 8/31/22 10:22 AM


In July, a report was released spotlighting a threat actor known as Robin Banks. WMC Global was also tracking this threat actor and noticed the scammer's attack infrastructure quickly went offline at the time of the article’s publication. It is possible this was done by the intel vendor or the threat actor trying to hide but may also have been an unknown party. Only a matter of weeks later, WMC Global analysts discovered Robin Banks was still operating and had rebuilt their backend phishing operation to be more resilient to takedowns, highlighting their awareness of the original article. 

Topics: SMS Attack Phishing Phishing Kit Threat Intel SMS Phishing Credential Phishing
7 min read

Evri- UK Package Delivery Scam

By WMC Global Threat Intelligence Team on 5/19/22 10:21 AM

Threat actors have found continuous success using package delivery services as SMS phishing lures since the start of the COVID-19 pandemic and package delivery phishing attacks are the number one harvester of credit cards that WMC Global is currently seeing. Scammers now gravitate towards any new courier as a lure because of the sheer effectiveness of the campaigns. These lures are often used to perform call back scams but consumers get wise to the same attack content, resulting in threat actors needing to diversify and increase their portfolio of campaigns. Introducing Evri, the latest UK courier company to be heavily targeted and brand abused for credential phishing attacks. 

Topics: Covid SMS Attack Phishing Kit Threat Intel Banking Courier Scam SMS Phishing Credential Phishing package delivery scam
7 min read

Just Eat - UK Food Delivery Service Customers Targeted by SMS Phishing

By WMC Global Threat Intelligence Team on 4/12/22 9:53 AM

Over the last two years, threat actors have found many lucrative ways to exploit pandemic-induced lifestyle changes and financial strain by creating scams using package delivery services as well as unemployment payments, grants, and vaccine passports as lures. As the world begins to adjust to life beyond Covid-19, threat actors are creating new lures, while still focusing on consumer behavior driven by the pandemic.  

Topics: Covid SMS Attack Phishing Covid-19 Food Delivery Service Phishing SMS Phishing Just Eat Deliveroo Uber Eats Credential Phishing Food Delivery App Phishing
4 min read

Hermes SMS Courier Scam

By WMC Global Threat Intelligence Team on 4/27/21 1:05 PM

Threat Summary

New phishing campaigns are targeting mobile devices to deliver fraudulent courier delivery notifications to potential victims. While many organizations secure email and Microsoft Office applications directly within mobile phones, SMS threats are typically out of scope for many security teams, letting attackers exploit the lapse in coverage to leverage both consumer and business credentials. WMC Global's Threat Intelligence Team is currently tracking an increase in SMS-based courier scams in the United Kingdom. By the end of March over 5000 phishing URLs had been collected targeting Hermes alone. Targeted couriers are Hermes, DPD, and Royal Mail, with Hermes seeing a notable increase in distribution.

Topics: SMS Attack Phishing Hermes Courier Scam
24 min read

Year-End Phishing Report -  2020 WMC GLOBAL

By WMC Global Threat Intelligence Team on 2/19/21 10:15 AM

Summary 

WMC Global's Threat Intel Team analyzed thousands of phishing kits in 2020. While "16Shop" continues to be the most popular, kits capable of capturing gathering multi-factor authentication data, like "Puppeteer," are emerging. There was a large increase in SMS phishing compared to emails over 2020, indicating SMS will continue to be a substantial threat in 2021. WMC Global observed that consumer brands continued to be the primary target for phishing, with Netflix and Facebook being the most impersonated brands; however, WMC Global also observed new threat vectors for phishing in the form of COVID-themed phishing. The United States was the number one location for hosting phishing sites, with NameCheap being the provider hosting the most phishing sites over 2020. WMC Global predicts that in 2021 multi-factor authentication will become a focus for threat actors, phishing link delivery methods will continue to evolve, and phishing kit intelligence will be more prevalent in tracking threat actors. 

Topics: SMS Attack Phishing Kit finance Netflix Puppeteer Kit
11 min read

Evolution of a Phish: Popular UPS Email  Scam Now  Targets  Mobile Users

By WMC Global Threat Intelligence Team on 2/17/21 9:03 AM

Phishers are well known for identifying and exploiting security weaknesses. Many email and security teams are becoming more effective at blocking attacks, but phishers are targeting new gaps in remote workforce and SMS phishing detection. Specifically, threat actors are increasing the delivery of phishing campaigns via text message to avoid email vendor protections to deliver phishing directly to victims. 

Topics: SMS Attack Phishing Phishing Kit Courier Scam UPS
9 min read

Netflix-Branded Mobile Phishing Campaigns in August

By WMC Global Threat Intelligence Team on 9/23/20 9:30 AM

Threat actors target a range of services often either due to credential resale value or to target higher value accounts in credential stuffing campaigns. Last month, WMC Global tracked three unique Netflix-branded phishing campaigns that resulted in over 390,000 unique URLs (Figure 1). These campaigns were solely distributed via text messages (SMS) to US mobile numbers. WMC Global’s analysis in the campaigns provides unparalleled visibility into Netflix-branded phishing attacks.

Topics: SMS Attack Phishing Phishing Kit Netflix