In an attempt to steal financial data, the attack bribes users with coupons in exchange for taking an online quiz.
A new phishing campaign was discovered sending more than 550 million emails within the first quarter of 2018, according to data from Vade Secure. The threat was discovered in early January and has primarily hit users in the US, UK, France, Germany, and the Netherlands.
Victims receive emails disguised to come from popular brands and services in their home country. Attackers try to steal their banking information by offering coupons or discounts in exchange for their participation in an online quiz or contest.
Experts believe a serious criminal organization is behind this campaign, which doesn't use pirated websites as many phishing attacks do. This one appears to use leased and legitimate IP addresses, servers, and domain names, which would drive infrastructure costs up to tens of thousands of dollars. They also use tools to shorten URLs and conceal the ultimate destination.
These sophisticated techniques caused the threat to bypass many existing email security tools, researchers report. Read more details here.