A new type of cyberattack flooded the emails of hundreds of users in Bulgaria

23:14, 09.09.2024
A new type of cyber attack has flooded the emails of hundreds of users in the country. Emails sent in the name of a real company falsely claim to contain order details. If the recipient follows the steps in the message, however, the mailbox and all the data in it can be stolen by cyber criminals.

Such an attack can lead to the theft not only of the e-mail account, but also of social network accounts, correspondence containing personal data, and bank cards.

A BNT team reported this new type of attack to the Cybercrime Department of the General Directorate for Combating Organised Crime, which took measures. The emails are now marked as phishing to get people's attention and put them on alert. And while our team came across a new type of phishing scam today, other popular cybercrimes are also flourishing.

Almost every day, two or three people report to the directorate for combating organised crime that they have been the victim of an investment scam. Through an ad on social media, they have been tricked into investing in a particular platform to trade stocks, gold or cryptocurrency. After receiving nothing, they realised they had been scammed out of thousands of dollars. In addition, almost every day a Bulgarian company reports that it was tricked by a fake email, sent in the name of a supplier, into diverting a large transfer to a new, substituted bank account.

We do what we shouldn't: we open the attachment in an unexpected and somewhat poorly written message sent in the name of a company, which supposedly contains order details. We do this together with the head of the Cybercrime Unit. Instead of a document, a web page opens that tricks us into thinking we have been logged out of our mail and asks us to enter our password again.

"'You have logged out, please log back in.' If the user does this thing, if they enter their username and password, the hackers will just know their username and password for that mailbox. They then take over the mailbox and start looking to see if there are payment details, if there are personal details, bank card photos, usernames, passwords. Very often from a hijacked mail service they can go to a social network," explained Vladimir Dimitrov, Director of the Cybercrime Unit.

The letter is signed on behalf of a specific company and a specific employee. The company found out about the attack when their phones heated up with calls.

"On these emails it actually says that the signature is mine, which is my company signature, first name, last name, phone numbers and contact email. Specifically today they are especially active, an awful lot of people are receiving the mails. Clients are calling, saying they're getting an email which they cannot open when they try to open it. And the interesting thing is that not only clients call, but also people we don't know at all, all sorts of people," Rositsa Popova said in a phone conversation.

Attempts to steal passwords and data are nothing new. However, this is the first time that the Cybercrime unit has seen exactly this type of attack.

"For the first time we see that no file is being downloaded. The vast majority of phishing emails aim to infect your computer configuration and when you download the file and activate it, there's a computer virus on it. But this particular phishing that you alerted us about, this is the first time we've seen the download button just having a link to a phishing site," noted Vladimir Dimitrov, director of the Cybercrime unit.

The intricate web behind the phishing attack is now clear.

"The site is registered through a company that is in China, it is physically located in the Czech Republic, it is operated by a hosting company that is from former Russian countries," the director of the Cybercrime unit noted.

Vigilance online tops the list of recommendations for safe browsing, along with keeping the operating system up to date, using a reliable antivirus programme and periodically changing the passwords of different accounts.
