{"id":18330,"date":"2022-02-22T07:30:03","date_gmt":"2022-02-22T15:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/02\/22\/news-12063\/"},"modified":"2022-02-22T07:30:03","modified_gmt":"2022-02-22T15:30:03","slug":"news-12063","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/02\/22\/news-12063\/","title":{"rendered":"Fake notifications about system security"},"content":{"rendered":"

Credit to Author: Roman Dedenok| Date: Tue, 22 Feb 2022 14:52:57 +0000<\/strong><\/p>\n

Most online services have a built-in security system that alerts you when it detects “unusual” activity on your account. For example, services send notifications about attempts to reset the phone number and e-mail address linked to the account, or the password. Of course, as soon as such messages became commonplace, enterprising cybercriminals tried to imitate this mechanism to attack corporate users.<\/p>\n

Example of a fake notification<\/h2>\n

If it’s a public online service attackers will usually make every effort to create exact copies of a real message. However, if attackers are hunting for access to an internal system, they often have to use their imagination as they might not know how the email should appear.<\/p>\n

\"Real<\/a><\/p>\n

Real example of a fake notification about a change of phone number.<\/p>\n<\/div>\n

Everything about this message looks ridiculous, from the incorrect language to the rather dubious logic \u2014 it seems to be at once about linking a new phone number and about sending a password reset code. Nor does the “support” e-mail address lend credibility to the message: there is no plausible reason why a support mailbox should be located on a foreign domain (let alone a Chinese one).<\/p>\n

The attackers are hoping that their victim, fearing for the security of their account, will click the red DON’T SEND CODE button. Once done, they’re redirected to a website mimicking the account login page, which, as you’d imagine, just steals their password. The hijacked mail account can then be used for BEC-type attacks or as a source of information for further attacks using social engineering.<\/p>\n

What to explain to company employees<\/h2>\n

To minimize the chances of cybercriminals getting their hands on employees’ credentials, communicate the following to them:<\/p>\n