Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
Phishing trap for One Drive users. How to avoid falling prey?
Cybercriminals often use very cunning and inventive tricks to manipulate victim’s mind in phishing attacks. They aimed at eliciting data in such a way the victim doesn’t aware of it. For that purpose, the crooks use social engineering tricks. Recently Comodo specialists discovered a phishing attack that consists of a rather complicated chain of tricks to deceive the users and cover the tracks to make detecting the attackers harder. The attack was targeted at Microsoft One Drive users. Many of them keep their important documents, logins and passwords there, so it’s a real tidbit for a cybercriminal.
The perpetrators sent out phishing email that asked users to log in to their One Drive accounts and contained a link to the One Drive sign in page. But, in reality, the link leads to the phishing website.
If a user clicks on the link, he gets to the following page.
As you can see, it imitates real One Drive page. Not only the logo but also even favicon seems to be Microsoft’s original. More of that, even the lock sign of secure connections is present, and it’s not faked — the phishing page has real SSL-certificate! The perpetrators used free SSL certificate from “Let’s encrypt” Certificate Authority valid from March 31 2018 to June 29 2018. Obviously, they expect to finish their attack by the date.
But if you look carefully at the browser address bar, you’ll see that URL has nothing to do with Microsoft. As indeed, the link in the email. Let’s examine them closely.
The link in the email is https://kfz-ross.de/6/doc/docs/share/. But if you click, it will redirect you on a URL modified by the hackers: https://kfz-ross.de/6/doc/docs/share/file.html?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=29&id=1775043298
What is http://kfz-ross.de? Is it the perpetrators’ domain? Let’s check it and see what we can find on this URL.
As you can see, it’ looks like a legitimate website. And it really is. It’s the website of a car service company in Germany. So how can it relate to the phishing attack?
The last update of information about the company on the website was made in 2011. And in general, it looks like an out-of-date website without adequate security protection, recklessly abandoned by its owners. Cybercriminals specially look for such websites to use them as a springboard for covering their malicious activity. It helps them to mislead the victims and cover the tracks. When the cybercrime will be detected, the police suspects the website owner in the first turn.
But let’s see what happens if a user takes the bait and put in her credentials.
Unexpectedly, right? You get the message about the error: “Your account password is incorrect. If you don’t remember your password. Please Try Again”. And this time it is not in textual form — it’s an image.
It looks weird for the first sight, is not it? Why do the perpetrators need this construction?
“There can be a few reasons and all of them related to social engineering tricks”, comments Fatih Orhan, the Head of the Comodo Threat Research Labs.” First, it can be done to strengthen the confidence of the users that they deal with the legitimate website. Because for phishers it’s very important to have users staying unaware that their credentials were stolen. Otherwise, if they will suspect something, they can change credentials immediately, so cybercriminals achieve nothing and the whole attack is in vain.
Second, the users often make typos when typing passwords, so the attackers could use this trick to be sure that they got correct credentials”.
After a user enters the credentials for the second time, she will be redirected to a
Google Drive link with the following .pdf file.
Obviously, it does not look like One Drive but it doesn’t look like something malicious also. So inexperienced user, most likely, will be a bit confused but suspect nothing and just forget about the case. Meantime, the attackers will steal her data and use them for their criminal purposes.
Is it a way to prevent this type of attack? Sure. The most effective antidote is awareness.
The matter is that such phishing attacks exploit the common vulnerability of human brain: habit to judge on something by one sign. When a person sees a well-familiar logo, she usually doesn’t go for a deeper check. That’s exactly what the perpetrators count on. Because with paying attention to the link, she would understand easily it has nothing with the real Microsoft One Drive.
So our advice to avoid such scam and outsmart the crooks is simple: always check links and pay attention to your browser address bar. And what is even better, never click on links in emails. Just type the address in the browser with your own hands. Thus, you can be 100% sure that you get exactly to the website you want to get.
Live secure with Comodo!
Tags: phishing attack,phishing email,Phishing Scams
Reading Time: 4 minutes Phishing or Phishing attack is a type of social engineering attack carried out by the online criminals who send out fraudulent communications to users to steal their personal details, such as login credentials, bank account details, and debit or credit card numbers. The Phishing attacker masquerades as a trusted entity tricks their victims into opening…
Reading Time: 3 minutes What Is Phishing? Phishing is a method employed by cybercriminals to access email accounts and systems using deception rather than defeating security protections. In basic phishing attacks, cybercriminals send an email that appears to be legal, tempting the victim to open an attachment or click on a link. This click could result in loading malware…
Reading Time: 4 minutes Cybercriminals’ big hunt for users’ credentials is gaining momentum rapidly. Their strategy usually stays the same: get attention of the victim, use social engineering techniques to make her run a malicious file, and then steal logins and passwords. But the tactic and the malware hackers use constantly changes. Let’s consider in detail the freshest example…
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats
Advanced Endpoint Protection, Endpoint Detection and Response Built On Zero Trust Architecture available on our SaaS EPP