Cofense Intelligence™ recently observed a new phishing scam making the rounds in the United Kingdom. It poses as the TV licensing authority better known as the British Broadcasting Corporation. The premise behind the scam is to trick the user into believing that he or she is breaking the law by not owning a valid license to receive TV, a criminal offense in the UK with a maximum penalty of a £1000 fine plus any legal costs incurred during prosecution.
The Cofense™ Phishing Defence Center has observed a convincing new phishing campaign targeting taxpaying UK nationals. The threat actors posing as Her Majesty’s Revenue and Customs (HMRC) have imitated the Government Gateway tool which is commonly used by UK citizens to access government services online. The threat actor attempts to convince victims that they are due a tax rebate of £458.21 using the lure below.
Recently, the Cofense™ Phishing Defense Center has observed a phishing campaign targeting Greek-speaking users and customers of Alpha Bank, the fourth-largest Greek bank. We observed threat actors using multiple tactics to harvest login credentials, including user names, passwords, and secret questions. This information would allow threat actors to access unsuspecting victims’ accounts, drain funds, and perhaps reuse those credentials on other websites.
New additions to the TrickBot malware’s capabilities, observed by the Phishing Defence Centre, indicate that this malware tool is undergoing active development. The designers of this malware are still working hard to introduce new functionality, including network worm functionality and a screen-lock module. The worm component utilises the leaked “EternalBlue” exploit for CVE-2017-0144 to propagate itself across networks that have yet to patch or discontinue the use of SMBv1. The deployment of the screen-lock module (which appears to be still in the early phases of development) gives the threat actors the ability to change the malware from a robust banking trojan into rudimentary ransomware.