Kaspersky cybersecurity experts have discovered a multi-step phishing scheme targeting employees who handle financial documents, the security company has warned.
The attackers, Kaspersky said, aim to steal login credentials by impersonating legitimate companies and leveraging trusted services like Dropbox.
Phishing scams are a common form of cyberattack in which criminals attempt to trick victims into revealing sensitive information, such as passwords or credit card details. The stolen information can be sold on the dark web or used to access sensitive financial data, among other abuses. These scams often involve emails or messages that appear to come from legitimate sources, such as banks, credit card companies, or even trusted colleagues.
The attack unfolds in stages, meticulously designed to lull victims into a false sense of security. According to Kaspersky, the initial interaction, which is sent from a legitimate address that has most likely been hijacked, “is intended to make the recipient less suspicious: like a preparatory step to ease into the main fraudulent activity.”
Roman Dedenok, a security expert at Kaspersky, said that “the email appears legitimate from both a human standpoint and in terms of protection software. It contains a plausible cover story that an official audit company has information for the recipient, complete with a disclaimer regarding sharing confidential information.”
“In addition, the email contains no links or attachments and originates from an easily searchable company address, making it nearly impossible for a spam filter to detect,” he explains.
Following this initial email, the attackers send a seemingly innocuous Dropbox notification stating that the “auditor” shared a file for review and signing. Clicking the link in this notification reveals a blurred document with an authentication window on top. Kaspersky said that “the user will see a form requesting their corporate login and password: credentials that cybercriminals seek to steal using this multistep scheme.”
To mitigate this issue, Kaspersky advises that employees should be warned and vigilance should be encouraged.
“Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure that they know how to distinguish phishing emails,” the tech security company advised organisations.
“Overall, all company employees should remember to input their work password only on sites owned by their organisation. Neither Dropbox nor external auditors can know and need your work password.
“As perpetrators constantly devise more sophisticated schemes to steal corporate account data, we recommend implementing real-time protection, threat visibility, investigation and response solutions, such as the Kaspersky Next product line,” Kaspersky advised.
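Kaspersky's advice that a work password belongs only on sites the organisation owns can be turned into a mechanical check, for instance in a browser extension or a security-awareness tool that inspects where a credential form is hosted. The following Python is an added illustration written for this article, not code from Kaspersky or any of the products named; the organisation's domain list and the sample URLs are constructed assumptions. It rejects the tricks this kind of overlay page relies on: a lookalike host that merely starts with the company name, an `@` userinfo prefix that makes the real host look like the trusted one, a plain-HTTP page, and punycode labels that can hide homoglyph lookalikes.

```python
"""Decide whether a page asking for a corporate password is hosted on a
domain the organisation actually controls (added example, constructed data)."""
from urllib.parse import urlsplit

# Assumed domains owned by a hypothetical organisation; not from the article.
ORG_DOMAINS = ("example-corp.com", "login.example-corp.net")


def _normalise_host(host):
    """Lower-case the host and drop a trailing dot; None if absent."""
    if not host:
        return None
    return host.lower().rstrip(".")


def is_org_login_site(url, org_domains=ORG_DOMAINS):
    """Return True only if url is HTTPS and its host is an org domain or a
    subdomain of one, matched on whole DNS labels (so 'example-corp.com.evil.net'
    and 'notexample-corp.com' both fail)."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False
    # .hostname already excludes any 'user@' prefix and ':port' suffix, which
    # defeats URLs such as https://example-corp.com@attacker-host/...
    host = _normalise_host(parts.hostname)
    if host is None:
        return False
    # Punycode labels (xn--) can encode homoglyphs of the real name; treat as untrusted.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False
    for domain in org_domains:
        domain = domain.lower().rstrip(".")
        if host == domain or host.endswith("." + domain):
            return True
    return False


def triage(urls, org_domains=ORG_DOMAINS):
    """Map each URL to 'trusted' or 'untrusted' for a quick report."""
    return {u: ("trusted" if is_org_login_site(u, org_domains) else "untrusted")
            for u in urls}


# Constructed sample URLs modelled on the patterns the article describes.
SAMPLE_URLS = [
    "https://sso.example-corp.com/login",                   # genuine corporate SSO
    "https://example-corp.com.files-review.net/doc",        # lookalike prefix
    "https://example-corp.com@dropbox-share.example/auth",  # userinfo trick
    "http://sso.example-corp.com/login",                    # right host, no TLS
    "https://www.dropbox.com/s/abc/audit.pdf",              # third-party service
    "https://xn--exmple-corp-xyz.com/login",                # punycode lookalike
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_URLS).items():
        print(f"{verdict:9s} {url}")
```

Only the first sample is classified as trusted; the Dropbox-hosted document in the article, the credential overlay on top of it, and the lookalike variants all fall into the untrusted bucket, which is exactly the situation in which an employee should refuse to type a work password.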