A fresh spear-phishing email campaign is banking on users’ fear of terror attacks to trick them into executing the malicious attachments.
Earlier this month, Symantec observed malicious emails spoofing the email address of one United Arab Emirates (UAE) law enforcement agency, particularly the Dubai Police Force. They read like a warning of terror danger.
The attachments are disguised as valuable security tips that could help recipients to protect themselves, as well as their companies and their families, from potential terror attacks that may occur in their business location.
To add more credibility to the emails, the crooks impersonate the incumbent Dubai Police lieutenant general, who is also the head of general security for the emirate of Dubai, by signing the email with his name.
While the group behind this campaign mainly targeted UAE-based companies and employees, Symantec has also seen similar spear-phishing runs targeting three other countries: Bahrain, Turkey and, more recently, Canada.
“Like in the Dubai campaign, the cybercriminals are also using incumbent law enforcement officials’ names in these countries to lend credibility to their fake terror alerts, which also purport to provide protective measures supposedly outlined in attached files,” explained the firm, in a blog. “The group is expanding their reach and we may see new email models targeting additional countries.”
Interestingly enough, despite not being entirely written in the countries’ respective official languages, the emails are well done, according to Symantec.
For one thing, all officials used in the cybercriminals’ scheme are currently in office. The Canadian fake terror alert for instance was supposedly sent by a Canadian Department of National Defence official.
Also, the subject in most cases reflects the name of an employee who works for the targeted company.
“All these details show that the crooks did some research before sending these phishing emails,” Symantec noted. “If they do not have any employee information, then they would email other targets in the company that could provide them an entry point, such as customer service representatives or IT department personnel.”
The campaign seems to target a range of sectors, including energy, defense contractors, finance, government, marketing and IT.
“With recent events such as those witnessed in Paris and Beirut just last week, terrorist attacks have become a threat across the world, and terror groups have been known to make their presence felt online too,” Symantec noted. “We may yet see more of these kinds of social engineering tactics preying on real-world fears.”
Photo © Anna Omelchenko