Temperatures are rising and the days are getting longer, which means it is that time of the year again: summer vacations. Whether you are planning a relaxing beach getaway, an adventurous road trip, or exploring a new city, summer holidays offer a much-needed break from the daily routine. Unfortunately, cybercriminals think so too, and as many of us prepare for a break from the day job, they are gearing up for play.
Malicious new domain related to summer vacation
In May 2023, the period running up to summertime, 29,880 new domains related to holidays or breaks were created. This represents a 23% YoY increase compared with the same period last year, when 24,367 new domains were created. Of those websites that went live, 1 in every 83 were either malicious or suspicious.
Be wary of who’s approving your vacation
Check Point Researchers have observed several phishing campaigns. One of these was an email allegedly sent from “(the name of the target’s company) Director of Human Resources” with the subject “(the name of the target’s company) Submittal – for – vacations – approval – announcement.”
The email is a fake announcement from the Director of Human Resources regarding the annual and summer open vacation plan for the year 2023. It provides information about vacation days, weekends, office closures for public holidays and terminated employees.
To enter this list, the victim needs to click on the malicious link which mimics a legitimate Microsoft login page and is intended to steal the victim’s credentials.
When the compensation lures you to click
In the second example, phishing emails that mimicked the airline company TAP Air Portugal, were discovered. The email was sent from no-reply@flytap\.com with the subject “Flight delay compensation EUR 135”
The contact of the phishing emails is trying to lure the target into clicking on a malicious link in a claim, informing the victim that, as their last flight with TAP Portugal was delayed, they are entitled to compensation. The email contains this malicious site which mimics the company site and steals the target’s credentials.
How phishing works
The basic premise of a phishing attack is a message sent by email, social media, or other electronic communication means.
A phisher may use public resources, such as social networks, to collect background information about the personal and work experience of their target. These sources are used to gather information such as the potential target’s name, job title, and email address, as well as interests and activities. The phisher can then use this information to create a reliable fake message.
Typically, the emails appear to be from a known contact or organisation and contain malicious attachments or links to malicious websites. Attackers often set up fake websites that appear to be owned by a trusted entity like a bank, workplace, or university. Through these websites, attackers attempt to collect private information like usernames and passwords, or payment information.
Some phishing emails can be easy to spot due to poor copywriting and improper use of fonts, logos, and layouts. However, many cybercriminals are becoming more sophisticated at creating authentic-looking messages and using professional marketing techniques to test and improve the effectiveness of their emails. Generative AI has given hackers and low-skilled cybercriminals the tools to craft the perfect code and email copy that could dupe even the most suspicious recipient.
