Phishing is an age-old cyberattack that many hackers use to this day. With the advancement of technology and skills, it has quickly adapted to the times, creating new threats for organizations.
Many gathered for the second webinar organized by the Philippine Insurers and Reinsurers Association (PIRA) in partnership with the Insurance Institute for Asia and the Pacific (IIAP) and IPV Network. The topic, “The Latest Phishing Trends in the Philippines”, was presented by the experts of our partner Cyberint.
The main goals of the threat actors are to collect emails, credentials, and credentials plus MFA, and to make direct transfers (true login). Hackers are reported to be using traditional phishing techniques to steal sensitive data from their targets. They use emails that evoke a sense of urgency to push the victim into clicking their phishing links.
The traditional end-to-end phishing process has three steps.
Hackers will gather the necessary phishing tools to carry out their plans. Threat actors would buy phishing kits, which are software tools that make it easier for hackers to launch their phishing schemes. This software could mimic login pages of legitimate websites such as Facebook or bank pages to retrieve sensitive information.
Hackers would also buy email lists from other threat actors and invest in a mailer script to automatically send emails to unsuspecting victims. In addition, they would buy or rent mule accounts from other threat actors in which to place the stolen money.
At this stage, threat actors would start executing their plan. They would begin by compromising legitimate websites and uploading their phishing website. Hackers would set up their mailer script and, using this, would send out spam emails to people on their mailing list and collect stolen credentials of victims.
The last stage of the process is extracting the money from their victims. To do this, threat actors would rent callers, usually from the call center industry, to obtain a victim’s OTP. Callers would know information about the victim and ask them for more credentials, coercing them into divulging the OTP. Hackers would then log in to the victim’s account and transfer money to their mule account to cash out.
This is how the traditional end-to-end process is executed by threat actors. However, by using avatars online, Cyberint found other methods that threat actors use throughout the internet. Nowadays, hackers are in search of quality tools to use for their schemes and are utilizing social media to sell them. They are also looking for new victims, or a “fresh list”, to target; these new victims are more vulnerable to attacks because they lack awareness of the dangers threat actors bring. According to the findings of Cyberint experts, hackers in the Philippines have evolved to adopt newer methods of phishing.
- Email Checker
It is a newer trend that hackers use in the Philippines. It is a tool designed to filter out the real customers of a targeted website. By checking the email/username list that the hacker has, the email checker can determine whether a specific email/username is associated with the targeted website or not. By reducing their list, hackers can carry out a more efficient plan.
- True Login
It is a phishing kit that can connect to the real banking website while showing a fake website to the victim. By using a reverse proxy, hackers can get the number and OTP through the login page, which they can ultimately use to transfer funds to their mule accounts.
- Real-Time Messaging
Traditionally, hackers use phishing kits that contain telecombots and wait for victims to fall for the attack. However, with Real-Time Messaging, hackers are automatically notified through common messaging apps when a victim enters their credentials on the phishing websites.
- OTP Bypass
This newer method requires proficiency and technique. Threat actors will create ways to bypass the system by studying how the apps are written and seeing where the vulnerabilities lie. This gives the threat actors the capability of doing transactions without the need for two-factor authentication like OTP, using only a username and password. An OTP bypass happens when a system and network are not secure and protected.
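On the defending side, the Email Checker item above implies a trace that a targeted website can look for: one source submitting many different usernames in a short time. The sketch below is an added example, not material from the webinar or from Cyberint; the log format, the `/login` endpoint, the one-minute window and the threshold of five are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic) in an assumed format:
# ISO timestamp, client IP, endpoint, submitted username.
SAMPLE_LOG = [
    "2024-01-10T09:00:00 198.51.100.20 /login maria@example.com",
    "2024-01-10T09:00:20 198.51.100.20 /login maria@example.com",
    "2024-01-10T09:00:45 198.51.100.20 /login maria@example.com",
] + [
    # One source submitting a different address every two seconds.
    f"2024-01-10T09:05:{2 * i:02d} 203.0.113.7 /login user{i}@example.com"
    for i in range(12)
] + [
    "2024-01-10T09:30:00 192.0.2.44 /login jose@example.com",
    "2024-01-10T11:30:00 192.0.2.44 /login jose.cruz@example.com",
]


def parse(line):
    """Split one log line into (timestamp, ip, endpoint, username)."""
    ts, ip, endpoint, username = line.split()
    return datetime.fromisoformat(ts), ip, endpoint, username.lower()


def find_list_checking(lines, endpoint="/login",
                       window=timedelta(minutes=1), max_distinct=5):
    """Return {ip: peak distinct usernames in one window} above max_distinct."""
    per_ip = defaultdict(list)
    for line in lines:
        ts, ip, ep, username = parse(line)
        if ep == endpoint:
            per_ip[ip].append((ts, username))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({name for _, name in events[start:end + 1]}))
        if peak > max_distinct:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    print(find_list_checking(SAMPLE_LOG))
```

A customer retrying their own password repeats one username and stays under the threshold, while the source cycling through twelve addresses in under a minute is flagged.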
Today, cybercriminals are creating more complex and sophisticated schemes. They are searching for better and newer methods to use, which creates new dangers for users. We see threat actors actively reaching out to other threat actors for tools, skills and newer victims to target, making it even more critical to know how to prevent these attacks.
Want to know more about how to prevent this from happening to you? Watch out for our next article!