A year-long investigation dubbed Operation Falcon, jointly run by INTERPOL and Group-IB working closely with the Nigeria Police Force, was tasked with identifying and locating cybercrime threats. The task force spent a considerable amount of time trying to deactivate a massive phishing ring that has targeted over 50 000 victims in a major global scam. The scam unleashed a whopping 26 different pieces of malware, wreaking havoc and bringing people and corporations to their knees.
The ‘ring’ includes a group of Nigerian nationals who have been working hard to infiltrate the systems of individuals and organisations. They would then launch scams to siphon funds out of the victims’ accounts.
Among the victims were private-sector companies as well as government departments in over 150 countries. The group, which is aptly being called a “gang”, has been operating this phishing scam since as early as 2017.
How phishers phish
Much was learned from observing and monitoring this latest phishing bust as to exactly how cyber-criminals go about the process. Phishing isn’t a new concept, but many people still don’t understand how they end up falling for a phishing scam.
The reality is that phishing scams have become far more professionally managed in recent years.
The key to dealing with phishing scams is in understanding how they work.
First and foremost, these gangs don’t simply attempt to impersonate a company executive or a person that someone within the company will trust. They fully immerse themselves in the process. They learn everything they can about the company’s communication styles, the vendors they use, the billing system practices that they follow and a great deal of other information that you would only expect a trusted individual to know.
And then they use that information to make a very believable impersonation. Everything about the communication a targeted victim receives seems legitimate and that’s why they fall for it. They end up providing sensitive information or clicking on a malicious link or attachment without ever questioning the authenticity of the mail.
Don’t get caught out by a phishing scam
Be alert, always. It’s all too easy to accept a mail from a manager or colleague and click on the links provided or share sensitive information because you “know” them. Keep in mind that sensitive information should never be shared online, and unless you are expecting a specific document or information from someone, never trust a link or attachment without first verifying the sender.
With the New Year approaching, now is the time to take a look at your current security measures to see where you can improve on them. Be alert and aware – phishing scams are undoubtedly on the rise.