Amazon SES Token Stolen From Kaspersky Used in Phishing Campaign Targeting Office 365 Users
Last updated November 2, 2021
There’s a spike in phishing attacks targeting users of the Luno cryptocurrency exchange right now, and as Kaspersky warns in a report, the scammers are having good rates of success. The actors send victims email messages that pretend to come from the Luno team, convincingly impersonating the sender address. The message body says that a problem has placed the recipient's account on hold, so they allegedly need to click on the embedded button and follow the instructions to “solve the problem.”
In the next step, the victim is sent to the phishing page through a series of redirects and asked to log in. The landing URL has no resemblance to the Luno platform, but the layout of the webpage looks good enough for the deception to work.
If the victim ignores all the signs of fraud and enters their credentials, they get a ‘403 Forbidden’ error, and the adventure ends there. For the attackers, this is where the exploit begins: they now hold the user’s credentials and can log in to the account to withdraw crypto to wallets they control.
One thing to keep in mind is that these phishing actors aren’t acting randomly, nor do they distribute millions of emails in the hope that some will reach Luno users. Every time you write anything about owning crypto on social media, you are giving crooks a tip. Someone could easily see which crypto exchanges you are following on these platforms and figure out where your investments are. In other cases, the actors buy data leak lists from other relevant platforms and then use mass-mailing tools to do the job.
If you have received an email alleging any issue that requires you to log in to your account, do not click on any embedded buttons. Instead, open a new tab and visit the official site. If there’s anything that requires your attention, you will see an alert there. In any case, never enter credentials anywhere without carefully checking the URL you’re on. Finally, use multi-factor authentication, which makes losing your account unlikely even if your credentials are compromised.
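The URL check recommended above can also be automated, for example in a mail gateway or a help-desk triage script. The following is an added example, not part of the original article or Kaspersky's report; the allowlisted domain `luno.com`, the function name and the sample URLs (which use reserved `.example` hosts) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the service's official registrable domain(s); adjust as needed.
OFFICIAL_DOMAINS = {"luno.com"}


def check_login_url(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for the final URL of a link that asks for credentials."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    # "https://luno.com@host/" puts the brand name in the userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return False, "no host"
    # Look-alike letters (homoglyphs) appear as non-ASCII or as xn-- labels.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "non-ASCII or punycode host"
    # Match the whole host or a true subdomain; a brand name used as a
    # left-hand label of someone else's domain does not count.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "official domain"
    return False, "host is not an official domain"


if __name__ == "__main__":
    # Constructed sample URLs, as they might look after following all redirects.
    samples = [
        "https://www.luno.com/login",
        "https://luno.com.account-check.example/signin",
        "https://luno.com@account-check.example/",
        "http://www.luno.com/login",
        "https://lun\u03bf.com/",  # Greek omicron in place of the Latin "o"
    ]
    for sample in samples:
        print(check_login_url(sample), sample)
```

Only the first sample passes; the others fail for the reason named in the second element of the result.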