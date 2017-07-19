For more than two decades, malicious actors have been evolving their phishing techniques to effectively achieve their goals. From poorly crafted scams to extremely well-crafted documents, phishing remains a very effective technique in the attacker's toolbox. Anyone can be a target. While the more sophisticated phishing attacks are constantly changing, other types of attack remain under the radar for long periods of time.

Figure 1: Lucky Winner phishing campaign impersonates top companies to lure users to provide personal information.

In the last three months, Cisco Cognitive Threat Analytics observed a sudden increase in the number of users accessing a specific type of phishing campaign that we refer to simply as “Lucky Winner”. This campaign lures users into answering some questions in order to win a special prize, typically the latest model of an iPhone or Samsung phone. For more than two years, the Lucky Winner campaign has been impersonating top companies such as Google, Facebook, Microsoft and Apple in order to steal personal information or infect users with unwanted applications or malware. In this blog post we will cover how the ‘Lucky Winner’ campaign works and how to stay safe from this type of threat.

Congratulations, You Are A Lucky Winner!

The Lucky Winner campaign uses well-crafted domains (see Figure 2) that impersonate well-known dot-com companies. It relies on the fact that mobile browser address bars are nowadays very small, so users do not see the full URL being accessed, only the first part, which is usually made to look like a legitimate site (see Figure 3). The campaign relies on users seeing what they want to see and not paying attention to what type of website they are really accessing.
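A defender can look for this pattern in proxy or DNS logs by checking whether a brand name appears in the hostname while the registrable domain belongs to someone else. The sketch below is an added example, not code from the original post or from Cisco Cognitive Threat Analytics; the sample URLs, the 14-character address-bar width and the naive two-label domain extraction are assumptions.

```python
from urllib.parse import urlsplit

# Brands named in the post, mapped to their real registrable domains.
BRANDS = {
    "google": "google.com",
    "facebook": "facebook.com",
    "microsoft": "microsoft.com",
    "apple": "apple.com",
}

def registrable_domain(host):
    """Naive eTLD+1: the last two labels. Assumption for brevity; use the
    Public Suffix List in production (this is wrong for co.uk and similar)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def impersonated_brand(url):
    """Return the brand whose name appears in the hostname although the
    registrable domain is not that brand's own, else None."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    # Compare whole labels and hyphen-separated tokens, not substrings,
    # so 'pineapple.example' is not flagged for 'apple'.
    tokens = {t for label in host.split(".") for t in label.split("-")}
    for brand, legit in BRANDS.items():
        if brand in tokens and reg != legit:
            return brand
    return None

def address_bar_view(url, width=14):
    """What a narrow mobile address bar might show: only the start of the
    hostname. The width is a hypothetical value, not a measured one."""
    host = urlsplit(url).hostname or ""
    return host[:width]

# Constructed sample URLs (reserved .example TLD), not taken from the campaign.
SAMPLES = [
    "http://www.google.com.prize-survey.example/win?id=1",
    "http://apple-rewards.lucky.example/iphone",
    "https://www.google.com/search?q=iphone",
    "http://pineapple.example/recipes",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{address_bar_view(u):<16} -> {impersonated_brand(u)}")
```

The first sample shows the gap the campaign exploits: the truncated view reads `www.google.com`, while the registrable domain is `prize-survey.example`.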

