Page 9 - Threat Intelligence 10-18-2019

Social Engineering













        MailGuard Discovers New Phishing Campaign Targeting Telstra Customers. MailGuard, the email spam and
        virus filter, has identified a new fraudulent email campaign that has been targeting inboxes across Australia.
        The scam email is designed to look like a notification from Telstra, with the subject: “$500 Citibank prepaid gift
        card reward.” Once opened, the message displays the telecommunications giant’s logo, complete with a
        display name ‘Telstra’ and a domain to match. The email actually originates from a single, forged email
        address, and it prompts recipients to click on a ‘claim link’ to redeem their gift card reward before
        ‘18/10/2019’.
                Source: https://www.itsecurityguru.org/2019/10/16/mailguard-discovers-new-phishing-campaign-targeting-telstra-customers/



        Expert Recommendation On New Phishing Scam Asks For Bank PIN By Phone. Digital lawyer Peter Gundst
        details a phishing scam in which a caller claimed to be from his bank, asking him if he had used his card in a
        remote city (https://twitter.com/DigitalLawyer/status/1181348689756864513?s=20). When he said he
        hadn’t, the caller “blocked” the transaction and asked for his PIN and said they were sending a “verification
        PIN” that the victim read back. He later realized that his password was reset with the verification number the
        fraudster sent to his phone. A KnowBe4 expert offers advice on detecting similar scams.

                Source: https://www.informationsecuritybuzz.com/expert-comments/expert-recommendation-on-new-phishing-scam-asks-for-bank-pin-by-phone/



        Percentage-Based URL Encoding Used by Phishers to Evade Detection. Digital criminals used percentage-
        based URL encoding to help their phishing campaign evade detection by secure email gateways. At first glance,
        the top-level domain for the hyperlink button appears to be google.lv, the home page for Google Latvia. It
        therefore doesn’t raise red flags with many perimeter security tools. But a closer look reveals that the
        hyperlink employs “hxxps://google.lv/url?q=,” which tells Google to query a specific URL or string. In this case,
        the string employs URL encoding by which it replaces ASCII characters with a “%” symbol followed by two
        hexadecimal digits. Cofense explains that this technique helped the campaign further fool URL and domain
        checks by perimeter security solutions.
                • Most web browsers recognize URLs that contain hexadecimal character representations and will
                  automatically decode them back into ASCII on the fly without any user interaction. When users click
                  on the hyperlink within the email, they are redirected through their browsers to Google to query the
                  encoded string. This is recognized as a URL to redirect the user to the final destination of the
                  malicious payload.
                Source: https://www.tripwire.com/state-of-security/security-data-protection/percentage-based-url-encoding-used-by-phishers-to-evade-detection/
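
A gateway-side check for the redirect trick described above, as an added example that is not code from Cofense, Tripwire or this newsletter: it reads the still-encoded redirect parameter, decodes it repeatedly, and reports the host the link really leads to so the domain check runs on that host rather than on google.lv. The parameter list, the "needless escapes" heuristic and the sample link (which uses the reserved example.test domain) are assumptions made for illustration.

```python
import re
import string
from urllib.parse import unquote, urlsplit

# Assumption: query parameters treated as redirect targets. Only Google's
# "/url?q=" comes from the article; "url" is an illustrative extra.
REDIRECT_PARAMS = {"q", "url"}
# RFC 3986 unreserved characters never need percent-encoding.
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")

# Constructed sample: "https://login.example.test/a" fully percent-encoded.
SAMPLE = ("hxxps://google.lv/url?q=%68%74%74%70%73%3A%2F%2F%6C%6F%67%69%6E"
          "%2E%65%78%61%6D%70%6C%65%2E%74%65%73%74%2F%61")


def needless_escapes(text):
    """Count %XX escapes that encode characters which never require it."""
    return sum(chr(int(h, 16)) in UNRESERVED
               for h in re.findall(r"%([0-9A-Fa-f]{2})", text))


def inspect_link(href, max_rounds=5):
    """Return the visible host, the decoded redirect host and a verdict."""
    parts = urlsplit(href.replace("hxxp", "http", 1))  # accept defanged input
    result = {"visible_host": parts.hostname, "final_host": parts.hostname,
              "needless_escapes": 0, "suspicious": False}
    # Read the raw (still encoded) parameter value; parse_qs would decode it.
    raw = next((v for k, _, v in (p.partition("=") for p in parts.query.split("&"))
                if k in REDIRECT_PARAMS and v), None)
    if raw is None:
        return result
    decoded, count = raw, 0
    for _ in range(max_rounds):  # repeat to unwrap double encoding
        count += needless_escapes(decoded)
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    try:
        final_host = urlsplit(decoded).hostname
    except ValueError:  # decoded text is not a parseable URL
        final_host = None
    if final_host:  # the parameter held a URL, not a search string
        result.update(final_host=final_host, needless_escapes=count,
                      suspicious=final_host != parts.hostname and count > 0)
    return result


if __name__ == "__main__":
    print(inspect_link(SAMPLE))
```

An ordinary redirect link that escapes only ":" and "/" still has its destination host extracted for reputation checks but is not flagged, because those characters legitimately need encoding inside a query value.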











                                                    www.accumepartners.com