Scam and phishing are on the rise globally and in META, in particular in Q1 of 2023 the UAE saw a 33% increase in the number of phishing attacks compared to Q1 2022 . A holiday season is usually the time when cybercriminals intensify their activity. Summer time is not an exception: people are planning their vacations and dreaming of a nice time travelling or on the beach, becoming easy targets of summer scam campaigns.
Kaspersky found that over the summer months cybercriminals send out fake HR emails to employees in order to get corporate credentials. The aim is to get the phishing link clicked by the employee. In the emails, the attackers mention vacation schedule: sudden vacation rescheduling, the need to confirm the dates, or a clash with some important events. Given that many employees already have plans made, tickets bought, hotels booked, they are more likely to fall for it.
A closer examination of the above email showed that the sender was not a company employee; the “HR director” who “signed” was nameless and his signature does not match the organization’s corporate style; hidden behind the link seemingly pointing to a PDF file was a completely different address.
It is also clear that the attackers know only the recipient’s address. The automated mass mailing tool takes the company’s domain name and employee’s name from the address and automatically substitutes them into the imitation of the link and the sender’s signature.
Even if the victim clicks the link, they can still spot signs of phishing on the attackers’ website. The link in the above email directs to the page below:
The site is hosted not on the company’s server, but in Huawei Cloud (myhuaweicloud.com), where anyone can rent space. The name of the file doesn’t match the name of the PDF mentioned in the email. There’s not a single attribute on the site to connect it to the specific company. Once the victim enters their password in the login window, it goes straight to the cybercriminals’ servers.
To stay safe and not fall victim to phishing, Kaspersky recommends:
Implement protection at the mail gateway level to lessen the likelihood of corporate employees encountering phishing emails. Internet-facing devices need to be protected by an endpoint security solution.
Hold regular awareness training for employees on the latest cyberthreats, or, at the very least, regularly inform them of potential phishing scams.
Stick to reputable websites: use trusted and well-known travel booking platforms, airlines and hotel websites when making reservations. Be cautious of unfamiliar or suspicious websites that offer unbelievably low prices or ask for excessive personal information.
Verify website authenticity: before making any transactions or providing personal details, double-check the website's URL for secure connections (look for "https" and a padlock icon). Be wary of websites with slight misspellings or unusual domain names, as these may indicate fraudulent activity.
Read reviews and do research: research the accommodations, airlines or travel agencies you plan to use. Read reviews from reputable sources to get an idea of other travelers' experiences and any potential red flags.
Use a security solution: a trusted security solution, such as Kaspersky Premium, will protect you from all known and unknown forms of scams, including travel phishing.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
