Brand Impersonation Scam Hijacks Travel Agency Accounts
Recently, within the span of a single week, a new and extensive phishing campaign compromised more than 7,300 businesses and 40,000 individuals around the world. The most heavily impacted regions are the United States (75%) and the European Union (10%).
The attackers impersonate well-known brands and present fake offers by email. Their objectives are to drive malicious downloads and to harvest credentials that they can exploit for financial gain.
The Full Story:
The campaign hinges on hacked email accounts belonging to the travel agency Riya. Because the messages come from a real, established sender on its own domain, they carry that domain's reputation and are not caught by sender-authentication checks; the lure is carried by the content, which weaponizes popular trends and brands in order to appeal to potential victims.
Seventy-five percent of the sent messages reference the cryptocurrency known as Bitrock, while roughly 10% of the messages mention the crypto trading platform ApolloX (APX). Another 10-15% impersonate a retail chain.
[Email asking users to claim Bitrock cryptocurrency]
What It Means:
Recent data shows that more than $1.1 billion has been lost to scams that impersonate businesses and government agencies.
As the holiday season kicks into high gear, widespread impersonation schemes are liable to become more deceptive, more prevalent and more targeted, and a real danger to the individuals, employees and brands that are exploited.
As we wrap up 2024, ensure that brand impersonators do not defraud your business and take advantage of your employees. Here’s how:
Actionable Recommendations for Businesses:
- Leverage brand management tools. Apply zero brand spoofing protection across attack vectors. This tooling blocks access to links that impersonate international or local brands and has a 40% higher catch rate than traditional technologies.
- Invest in AI-powered threat prevention. To stop malicious content before it reaches users, focus on advanced email filtering technologies, such as AI-powered threat prevention, sandboxing and behavioral analysis.
- Get advanced capabilities. Ensure that your organization has domain monitoring and email authentication (SPF, DKIM and DMARC with an enforcing policy) in place. Together these let receiving mail servers reject messages that forge your domain as the sender. Note that they do not stop mail sent from a genuinely compromised account on a legitimate domain, as in this campaign, so they complement rather than replace protection of the accounts themselves.
- Create an ongoing learning experience. Implement security awareness training, helping employees to recognize phishing attempts.
- Maintain an IRP. Have a phishing incident response plan (IRP). Anticipate the escalation of a phishing attack and engage in scenario modeling. Determine how to limit an attack's potential impact on your organization and what must happen alongside blocking it, such as resetting credentials that may have been entered, removing already-delivered messages from mailboxes, and notifying the people and brands affected.
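One way to check your own domain's posture against the spoofing the recommendations above address, as an added example that is not from the article or from Check Point: the script below parses SPF and DMARC TXT records and flags the settings (+all, ~all, a missing all term, p=none, pct below 100, no rua reporting address) that leave a domain spoofable. The domain names and records are constructed sample data standing in for DNS lookups; DKIM is left out because selector records cannot be enumerated from the domain name alone. As the caveat in the list says, a message sent from a genuinely compromised account, as with the Riya accounts, passes all of these checks, so this finds spoofable domains, not hijacked ones.

```python
"""
Added example (not from the original article or Check Point): a scorer for
the weak SPF and DMARC settings that let spoofed mail through.

Caveat: mail sent from a compromised account on the legitimate domain, like
the Riya accounts in this campaign, passes SPF, DKIM and DMARC. This scorer
detects spoofable domains, not hijacked ones.
"""

# Constructed sample TXT records, keyed by the DNS name they would be
# published at. In production these come from a DNS TXT query.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net ip4:203.0.113.0/24 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "weak.example": ["v=spf1 a mx ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; pct=50"],
    "nodmarc.example": ["v=spf1 +all"],
}


def parse_spf(record):
    """Split a v=spf1 record into its mechanisms and the qualifier on 'all'.

    Returns None when the record is not SPF. The qualifier is one of
    '+', '-', '~', '?' (default '+' when omitted) or None if no 'all' term
    is present, in which case unmatched senders get a neutral result.
    """
    if not record.lower().startswith("v=spf1"):
        return None
    mechanisms, all_qualifier = [], None
    for term in record.split()[1:]:
        qualifier, body = "+", term
        if term[0] in "+-~?":
            qualifier, body = term[0], term[1:]
        if body.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append((qualifier, body))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record):
    """Parse a v=DMARC1 record into a lowercase-tag dict, or None if not DMARC."""
    if not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def first_match(records, parser):
    """Return the first record the parser accepts, else None."""
    for rec in records:
        parsed = parser(rec)
        if parsed is not None:
            return parsed
    return None


def assess_domain(domain, txt=SAMPLE_TXT):
    """Return a list of findings; an empty list means SPF and DMARC look strict."""
    findings = []

    spf = first_match(txt.get(domain, []), parse_spf)
    if spf is None:
        findings.append("no SPF record")
    elif spf["all"] == "+":
        findings.append("SPF ends in +all, which authorises any sender")
    elif spf["all"] is None:
        findings.append("SPF has no 'all' term, so unlisted senders are neutral")
    elif spf["all"] != "-":
        findings.append(f"SPF ends in {spf['all']}all (softfail/neutral) rather than -all")

    dmarc = first_match(txt.get("_dmarc." + domain, []), parse_dmarc)
    if dmarc is None:
        findings.append("no DMARC record")
    else:
        policy = dmarc.get("p", "").lower()
        if policy != "reject":
            findings.append(f"DMARC p={policy or 'missing'} does not reject failing mail")
        if int(dmarc.get("pct", "100")) < 100:
            findings.append(f"DMARC pct={dmarc['pct']} applies the policy to only part of the mail")
        if "rua" not in dmarc:
            findings.append("no rua= address, so failed authentication is never reported")
    return findings


if __name__ == "__main__":
    for name in SAMPLE_TXT:
        if not name.startswith("_dmarc."):
            print(name, assess_domain(name) or ["ok"])
```

To run it against a real domain, replace SAMPLE_TXT with the TXT answers for the domain and for _dmarc.<domain>; a domain that comes back with no findings is still only protected against forgery of its name, not against a takeover of one of its mailboxes.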
Actionable Recommendations For Individuals:
- Remain skeptical of unsolicited emails. Verify a given sender’s address carefully and avoid clicking on links or downloading attachments from unsolicited messages.
- Protect personal information. Never share login credentials, financial details or personal information via email.
- Verify brand communications. If needed, contact companies directly through official websites or verified customer service channels. Do not use the contact information provided in suspicious emails.
- Report suspicious emails. Forward phishing emails to your email provider, and report impersonation to the brand's official fraud reporting channel. Once an email has been reported, delete it so as to prevent accidental clicks later.
Check Point has proactively reached out to Riya to disclose these findings.
Looking for a leading-edge email security solution? Get a demo or speak with one of our experts today.