The targeting of the United Nations to the attacks of phishing fraudulent

Targeted campaign to catch the probability level of focus on mobile devices , the United Nations and many other humanitarian organizations, including United Nations Children’s fund UNICEF, UNICEF, Red Cross, Red Cross, World Food Programme, WFP.

The campaign uses the pages signed by SSL certificates create login pages project for Microsoft Office 365.

And side non-normal situation is that they define the mobile devices, because once you discovered a device portable, they record keystrokes in real time during the user entered in page phishing.

He explained researchers from the company Lookout in the publication to instructions JavaScript code in the pages of the service to discover whether the page is loaded on a mobile device, so send content with mobile devices in this case.

They pointed out that the web browsers for mobile devices also help to inadvertently hide the URLs of deception by their conviction, which makes it difficult for the victim to examine the legitimacy of the page.

Related topics what you read now:

The researchers said: it is the place that happens to mobile phones and in this campaign is further evidence that denial of service attacks have evolved to target mobile devices.

Is included the function of recording the keystrokes directly in the password field to the page with the login underhanded, allowing the server to command and control (C2) collecting anything is entered in the fields, even if the user stops the input in the middle of the process.

The increasing intensity of the techniques of phishing and its development constantly, and show patterns of fishing new, but the essence of these frauds is still the same, an attempt to induce email users to click on a link or downloading an attachment leads to a malicious activity and may lead to data breach.

According to Lookout, there are two areas hosting the content of phishing, both of which are working since March 2019.

Illustrate campaign Design current reserve, which targeted officials of the United Nations, UNICEF, Red Cross and other humanitarian organizations how to become phishing attacks is very complicated.

And get hackers using phishing sites non-encrypted stolen login data, and to obtain financial information or inside information.

These are used to recent attacks targeting United Nations and the sites of global philanthropy TLS certificates to make the malware look legitimate, which benefit from implicit confidence users have in the green lock that was created by the TLS certificates.

Leave a Reply

Your email address will not be published. Required fields are marked *