Cybersecurity researchers at Cofense recently described, in a blog post, a highly effective phishing campaign that impersonates a car insurance company. The emails are brief and straightforward and contain nothing obviously malicious. Many of them carry a Google Ad link, which likely helped them get past secure email gateways and into recipients' inboxes.
The email tells recipients they are eligible for up to 10% of their car's latest value annually, and that if they have owned the car for multiple years they can claim the previous payouts too. The promise of money remains an appealing lure, the researchers noted, especially given the current global economic situation.
Hijacking a Legitimate Website
Victims are directed to blawx[.]com for more information. The site was previously legitimate and was likely hijacked and repurposed for this scheme. It promises instructions for claiming the funds, but the download is a JavaScript file that installs the NetSupport Remote Access Trojan (RAT).
NetSupport Manager, on which the RAT is based, is a genuine remote-access tool that tech support teams have used for over 20 years. However, attackers have abused it to gain unauthorized access to target devices.
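The chain described above (ad-click redirect, visit to the lure site, JavaScript download) can be triaged from web proxy logs. The following is an added detection example, not code from the Cofense report; the log format, the ad-click hosts, the ten-minute window and the sample traffic are assumptions, and the lure domain is kept defanged as the page gives it.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicator from the write-up above, kept defanged as on the page.
LURE_DOMAIN = "blawx[.]com"
# Assumed hosts seen when a user clicks a Google Ad; tune to your proxy's view.
AD_CLICK_HOSTS = {"www.googleadservices.com", "googleads.g.doubleclick.net"}
# Assumed window between an ad click and a follow-on script download.
WINDOW = timedelta(minutes=10)

# Constructed sample proxy log ("timestamp user url"), not real traffic.
SAMPLE_PROXY_LOG = """\
2024-03-01T09:12:01Z alice https://www.googleadservices.com/pagead/aclk?ad=1
2024-03-01T09:12:04Z alice https://blawx.com/claim-instructions
2024-03-01T09:12:09Z alice https://blawx.com/files/instructions.js
2024-03-01T09:30:00Z bob https://intranet.example.test/news
2024-03-01T10:05:00Z carol https://www.googleadservices.com/pagead/aclk?ad=2
2024-03-01T10:40:00Z carol https://cdn.example.test/app.js
"""

def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a matchable hostname."""
    return indicator.replace("[.]", ".")

def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (user, url, reason) for contact with the lure domain and for
    .js downloads that follow an ad click by the same user within WINDOW."""
    lure_host = refang(LURE_DOMAIN)
    last_ad_click: dict[str, datetime] = {}
    alerts: list[tuple[str, str, str]] = []
    for line in log_text.splitlines():
        ts_raw, user, url = line.split(maxsplit=2)
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host in AD_CLICK_HOSTS:
            last_ad_click[user] = ts  # remember the click, nothing to alert on yet
            continue
        if host == lure_host or host.endswith("." + lure_host):
            alerts.append((user, url, "contact with known lure domain"))
        if parts.path.lower().endswith(".js"):
            clicked = last_ad_click.get(user)
            if clicked is not None and ts - clicked <= WINDOW:
                alerts.append((user, url, "script download shortly after ad click"))
    return alerts

if __name__ == "__main__":
    for user, url, reason in triage(SAMPLE_PROXY_LOG):
        print(f"{user}: {reason} -> {url}")
```

In the sample, alice's script download 8 seconds after her ad click is flagged while carol's .js fetch 35 minutes after hers is not, which is the point of the window.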
The extent of targeting and successful deception remains unknown, but Cofense characterizes the campaign as “relatively small.”