Malware via Teams, Amazon Email Fraud, Canadian Phishing Target – Cybersecurity News [03 July 2023]

Here is this week’s edition of phishing news to keep you updated on the latest developments in the cybersecurity landscape.

TeamPhisher Tool Exploits MS Teams to Deliver Malware

Malicious actors are using a new tool TeamPhisher in one of the latest

phishing attacks

to infiltrate Microsoft Teams and send malicious Sharepoint attachments to users. Becoming a victim of such malicious attacks could cost dearly to organizations without robust phishing prevention and

ransomware protection

strategies and safeguards.

Though TeamPhisher was initially published by the US Navy for authorized red team missions, threat actors found it could help exploit a Microsoft flaw.

MS Teams’ vulnerability allows infiltrators to trick a recipient into receiving an external message thinking it is from a trusted internal sender. They do this using TeamPhisher to alter the message’s POST request ID .

However, Microsoft hasn’t taken any action for email phishing protection in this regard yet, as it thinks the issue doesn’t warrant immediate treatment. Instead, it warned users only to receive messages from trusted domains. It also urged them to disable unwanted tenants and be careful with attachments and file transfers.

 

Fraudsters Exploit Amazon Users and Steal Credentials Through Fake Emails

“over 90% of ransomware attacks begin with a phishing email (Verizon 2024 Data Breach Investigations Report) email. Blocking the phishing email is the most effective ransomware prevention strategy available — it stops the attack at the earliest possible stage, before any malware reaches your network. Every ransomware incident we’ve investigated started with an email that should have been caught.” — Vasile Diaconu, Operations Lead, DuoCircle

In a new scam surfacing repeatedly this summer, scammers pretending to be from Amazon, American Express, or Apple inform users through phishing emails that some fraud has occurred on their accounts. They then ask them to download ‘Quick Support’ software to solve the issue.

The app is spyware that can give malicious actors access to the users’ screens. However, users in panic would download it in a hurry without thinking twice.

Summit Federal Credit Union reported this scam utilizing scare tactics. The downloaded malicious app will help the scammers get their credentials as the user logs into their account. The scammers further keep the worried user distracted by giving more instructions and asking them to note down specific numbers while they purchase gift cards using the user’s account .

 

Fraudsters Target Low-Income Canadian Families with Phishing Messages

People in Canada started receiving phishing messages related to a government grocery rebate only hours after it was announced. The government issued the rebate to 11 million low-income families to alleviate the effect of inflation and increased food prices.

However, threat actors were so fast in sending fake text messages in the name of the Canada Revenue Agency (CRA) informing people to click a malicious link purportedly to get the money.

Jeff Horncastle from the Canadian Anti-Fraud Centre (CAFC) said education is the best anti-phishing method. He added that phishing attempts are the most reported scam, and 10,746 cases were reported last year. Johanna Mathews, who received two rebate scam messages despite being eligible for the rebate, thinks the scam was terrible because the fraudsters target those already struggling financially.

 

Due Diligence from OTT Messaging Apps Soon to Curb Phishing and Spam

The Telephone Regulatory Authority of India (TRAI) held a meeting on July 3, 2023, with platforms for OTT messaging, such as WhatsApp, Meta, Google, and Telegram, concerning the rise of phishing and unwanted calls associated with the telecommunications sector.

Though regular telecom operators work under the guidelines of TRAI, including directives for using AI (Artificial Intelligence) and ML (Machine Learning) to prevent spam and malicious messages and calls, OTT platforms remain largely unregulated.

The authority and the platforms agree on points to be addressed and are working collaboratively on various phishing protection ** models** concerning the issue. There will be further meetings before they finalize a plan of action.

Positive developments like these can significantly help users stay protected from malicious calls and messages. TRAI does not disclose more information about the developments at this stage, fearing it could only help fraudsters.