How Does Russia Use Phishing?

Introduction 

Russian bad actors have been masquerading as hotel name brands to entice users into entering their credit card information, hoping to book their dream trip. This group has registered at least 4,300 domain names and is currently being used to bring an air of legitimacy to their phishing emails. 

These emails appear to be both authentic and have a sense of urgency. This combination leads to compromise as users scramble to give up their credit information to these bad actors under the guise of credible booking vendors such as Expedia, Airbnb, etc. It is best to stay on guard whenever you book your next vacation; otherwise, these bad actors may go on vacation at your expense.  

Phishing  

Phishing has been used for years by bad actors to compromise users by clicking links or entering sensitive information into their malicious web portal. Some common themes found in phishing are provoking a sense of urgency to trick the user into clicking immediately and using a fake sense of authority to gain the trust of the user. 

In this case, the malicious actors were disguising themselves as accredited online travel industry brands, pressuring users to enter their credit card information within 24 hours to get the travel deal. These bad actors then use fake landing pages that support 43 different languages so they can cast a wider net with these phishing campaigns. 

A fake landing page is a malicious webpage that looks authentic to put users at ease whenever inputting their information. Fake landing pages can even sometimes look exactly like a legitimate one, making it always important to check the domain and URL of the webpage.  

Domain Squatting 

Domin squatting occurs whenever someone uses an internet domain that is almost identical to a legitimate or well-known domain. An example could be someone using G0ogle.com instead of Google.com. This may seem like an obvious difference, but if a user is under pressure to input information into a fake landing page that also utilizes domain squatting, it can easily be overlooked. 

In this case, fake travel landing pages that use domain squatting are used to prompt users into inputting their credit card information. After the information is input, it falls into the bad actors’ hands and displays a fake attempt to process transaction animation, leading to a support chat window. Making users think that a transaction never went through.  

Personnel Training 

User training can be very helpful in avoiding these attacks. Having user competency and discipline can be the determining factor in whether a compromise occurs. A user must have the awareness to know attacks like these are out there and the discipline not to click on any of the seemingly urgent links. 

TraceSecurity offers both phishing and vishing testing to help users build composure to avoid falling for these types of attacks. These engagements can also be paired with a fake landing page to simulate this real-world threat. TraceSecurity’s phishing campaigns can even track whether a phishing email is opened or if a link is clicked. This training can help users get into the habit of being cautious and aware whenever coming across a phishing email. 

Conclusion 

Phishing remains an effective and cheap attack method for bad actors. This attack can be very persuasive and seem legitimate, especially when paired with domain squatting. Even with numerous security controls in place, it just takes one click for a compromise to occur within an environment. 

Getting ahead of the game and preparing your personnel is an excellent way to guard oneself against these attacks. Best to be prepared than to be doing damage control whenever one of these links is clicked.