Ampyx Cyber


Three ways phishing emails can trick you as seen in Peru

Attackers used this misleading file name to trick people into downloading malware, according to ESET. Image: ESET

BY KERRY TOMLINSON, AMPERE NEWS

Peruvians see plenty of fake email attacks, so many that their country made the top ten list for phishing targets twice during the pandemic.

Attackers use sneaky tactics that can work on people from many countries, not just the citizens of this Latin American country known for its Incan history, Machu Picchu, and alpacas.

Here are three tricks you can learn from phishing as seen in Peru.

Trick #1: Funky file names

The first email alerts Peruvians about a delayed package with an incorrect address. It tells them to click on the attachment to confirm the address or fix it, according to a report by security company ESET this spring.

The file name says it's a delivery address confirmation notice and has the name:

confirmación de la dirección de entrega.jpg.xxe

At first glance, you might think it's a JPEG or image file, based on the three letters 'jpg.' JPEGs are usually safe to open.

But attackers are tricking us. It's really an XXE file, as the last three letters show, a sneaky file that can lead to trouble. XXEs can hide dangerous files inside.

And indeed, this XXE holds an EXE file, an executable program, which means it can execute malicious things on your computer, ESET said. Criminals use these files to download malware onto your machine. In this case, the malware can take screenshots of your computer, record what you type, and steal your passwords.

How do attackers pull off this trick? They simply type the letters j-p-g when they're naming the file. They're counting on us not looking closely and noticing that it's not really a JPEG.

Save yourself a hack:

  • Check extension names.

  • If they're at all suspicious or confusing, do a search to find out what they mean.

  • Avoid executables like EXE when possible to protect yourself.
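An added example, not part of the original article or ESET's report: a Python check a mail filter could run on attachment names. It treats only the last extension as the real file type and flags names where an earlier extension makes the file look harmless. The extension lists and function names are assumptions for illustration.

```python
import unicodedata

# Assumed lists for illustration; adjust to your own mail policy.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx", "txt"}
RISKY_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "xxe"}


def split_extensions(filename):
    """Return every dot-separated suffix after the base name, lower-cased."""
    name = unicodedata.normalize("NFKC", filename).strip().rstrip(".").lower()
    return [part.strip() for part in name.split(".")[1:] if part.strip()]


def check_attachment(filename):
    """Return (verdict, reason); only the LAST extension decides the file type."""
    exts = split_extensions(filename)
    if not exts:
        return "ok", "no extension"
    real, earlier = exts[-1], exts[:-1]
    decoys = [e for e in earlier if e in DECOY_EXTS]
    if decoys and real not in DECOY_EXTS:
        return "block", f"looks like .{decoys[-1]} but is really .{real}"
    if real in RISKY_EXTS:
        return "review", f".{real} can run or unpack programs"
    return "ok", f"plain .{real} file"


def scan(filenames):
    """Map each flagged attachment name to its (verdict, reason)."""
    results = {name: check_attachment(name) for name in filenames}
    return {name: r for name, r in results.items() if r[0] != "ok"}


if __name__ == "__main__":
    # Constructed sample names; the first is the file name quoted in the article.
    samples = [
        "confirmación de la dirección de entrega.jpg.xxe",
        "foto de vacaciones.jpg",
        "informe.v2.pdf",
        "setup.EXE",
    ]
    for name, (verdict, reason) in scan(samples).items():
        print(f"{verdict:7} {name!r}: {reason}")
```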

Trick #2: Site sleight of hand

Another round of fake messages went out to trick Peruvian customers of Scotiabank, a Canadian bank with branches all over the world including Peru.

The emails sent people to a fake Scotiabank website that looks like the real thing, said Peru's Centro Nacional de Seguridad Digital in April.

The crooks ask you to enter your email address and your password, among other important pieces of info. Then they'll try to take over your email and bank account or sell your info on the dark web.

The twist comes at the end. After you give away your passwords, they tell you there's been an error and send you to the real Scotiabank site, so you'll think you were on the real one all along. This trick can work for customers of any bank.

How to beat this:

  • Memorize or verify your real bank site address.

  • Keep an eye on the address bar while you bank.

  • Don't click on links in bank emails. Instead, go to your bank site directly.

Trick #3: Look-alike names

The final trick appears in an email about taxes that went out to people in a number of countries in Latin America.

It claims to have your tax bill and asks you to click on an attachment, according to Cisco Talos. That will take you to a web page with another request to look at a file.

Click there and things go south. Malware downloads onto your machine, takes over your email and sends out poisonous messages to everyone you know. That hides the thieves' tracks and makes you look like the real criminal. On top of that, it steals your passwords to your bank accounts to use or sell.

Along the way, this malware uses a site called 'tributaria' which means 'tax' in Spanish. The trick is that the address is:

tributaria(.)website

It’s not an official government site that ends in:

(.)gov

or in Latin America:

gob(.)pe for Peru

gob(.)mx for Mexico

gob(.)ar for Argentina and so on.

It's easy to skip over that small detail and fall for the trick.

Beat them at their game by checking out the full address, not just a few key words that sound like they're the real thing.

Bonus trick

The last email about taxes shows us an extra trick.

The malware will suddenly restart your computer. If your computer suddenly restarts out of the blue, it's not a bad idea to do a virus scan with whatever antivirus software program you're using to see if you've been hacked.

