Wells Fargo Campaign
In the Wells Fargo phishing campaign that Abnormal Security found, the fraudsters attempt to steal customers’ data, such as usernames, passwords, PINs and account numbers.
Victims receive phishing emails that appear to come from the Wells Fargo security team and ask customers to update their security key. The email includes an ICS calendar file, a format that is supposed to store scheduling information, according to the report.
Malicious domain designed to look like a Wells Fargo landing page (Source: Abnormal Security)
When the victim opens the calendar file, it presents a link to a SharePoint page, which then asks the target to open yet another webpage. This final page is the malicious domain controlled by the fraudsters and is designed to look like a legitimate Wells Fargo website. If customers enter their data there, it's collected by the attackers, researchers note.
The report also notes that the calendar invite file is designed to encourage victims to click and asks that they open it up on their mobile device.
“Here, the attacker is attempting to exploit a setting where the event will automatically be added to a user’s calendar,” according to Abnormal Security. “Most of these programs will send an automatic notification to the user and attackers hope that potential victims will click on the event and follow the malicious link. As a result, these attacks are more likely to be seen by recipients.”
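For mail-filtering or triage, the chain described above (an invite whose event text carries a link to a host unrelated to the claimed sender) can be checked by parsing the ICS attachment itself. The following is an added example, not code from the report or from Abnormal Security; the sample invite, the placeholder hosts, the allowlist and the function names are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample invite, not taken from the report; all hosts are placeholders.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nMETHOD:REQUEST\r\n"
    "BEGIN:VEVENT\r\nSUMMARY:Update your security key\r\n"
    'DESCRIPTION;ALTREP="cid:part1":Open on your mobile device: https://files.sha\r\n'
    " ring.example/doc?id=1\\nThank you.\r\n"
    "LOCATION:https://www.bank.example/security\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

# Property name, optional ;params (quoted values may contain ':'), then the value.
PROP = re.compile(r'([A-Za-z0-9-]+)((?:;(?:"[^"]*"|[^":;])*)*):(.*)')
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
LINK_PROPS = {"SUMMARY", "DESCRIPTION", "LOCATION", "URL", "ATTACH", "X-ALT-DESC"}

def unfold(ics):
    """RFC 5545 3.1: a line break followed by one space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics).splitlines()

def unescape(text):
    """Undo RFC 5545 TEXT escapes so an escaped newline cannot hide a URL's end."""
    return re.sub(r"\\([nN,;\\])",
                  lambda m: "\n" if m.group(1) in "nN" else m.group(1), text)

def host_allowed(host, allowed):
    # Exact match or true subdomain only; "bank.example.evil.example" must fail.
    return any(host == d or host.endswith("." + d) for d in allowed)

def scan_invite(ics, allowed_domains):
    """Return (property, url, verdict) for every link inside VEVENT blocks."""
    findings, in_event = [], False
    for line in unfold(ics):
        m = PROP.fullmatch(line)
        if not m:
            continue
        name, value = m.group(1).upper(), m.group(3)
        if name in ("BEGIN", "END") and value.strip().upper() == "VEVENT":
            in_event = name == "BEGIN"
        elif in_event and name in LINK_PROPS:
            for url in URL.findall(unescape(value)):
                url = url.rstrip(".,;)")
                host = (urlsplit(url).hostname or "").lower()
                ok = host_allowed(host, allowed_domains)
                findings.append((name, url, "on-brand" if ok else "off-brand"))
    return findings
```

An "off-brand" verdict is a triage signal rather than proof of phishing: legitimate invites also link to third-party hosts, so it is best combined with sender-authentication results for the message that carried the attachment.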