Tech news from MIST
Ruchira Garai
Threat researchers at Lookout are helping to take down a phishing campaign that has been targeting members of the United States military and their families. The scammers behind the long-running campaign impersonate military support organizations and personnel to commit advance fee fraud, stealing sensitive personal and financial information for monetary gain. The threat actor is looking to steal sensitive data from victims such as their photo identification, bank account information, name, address and phone number, and hence could easily steal the victim’s identity, empty their bank account and impersonate the individual online. The campaign’s backbone is a series of websites that have been designed to appear as though they are affiliated with the military. To bring an added touch of authenticity to the sites, the operators add advertisements for Department of Defense services to their malicious content. The sites offer expensive services that are never delivered, or trick users into thinking that they are in a romantic relationship with a member of the military. Fake services offered include care packages, leave applications, and communication permits. Infrastructure indicators coupled with open-sourced intelligence point to Nigeria as the scammers’ operational base. So far, researchers have identified 50 military scam sites tied to this threat campaign, which further investigation showed was linked to other cyber-criminal activity. “We were also able to link this group to numerous other scams advertising fake delivery services, crypto-currency trading, banks and even online pet sales,” wrote researchers. The researchers at Lookout said that they are not the only individuals who are actively working to combat this particular campaign and expressed their thanks to everyone who is working to stop the scammers.
Abridged fromInfoSecurity Magazine
Click here to see the original postShare this article