News / Blog
« Return to News

Hackers are sending Lewd Phishing Lures

Cybercriminals know just about every trick there is to catch potential victims in their data-stealing traps. Bogus apps, hidden malware, or fake advertising are all part of a cybercriminal's technological arsenal. But there is one aspect that scammers target consistently: the human mind.

Tricking a potential victim into clicking on a malicious link takes some skill, but psychologically manipulating them into action takes fraud to an entirely different level. These techniques aren't anything new, yet, they have become more prevalent, especially as a new email campaign is spreading X-Rated content to work inboxes. Scammers launching Spearphishing attacks are now turning to use X-rated phishing lures. A recent report by the Greathorn Threat Intelligence Team found a stunning 974-percent spike, between May 2020 and April 2021, in social-engineering scams involving suggestive materials. 

These attacks are predominately aimed at male-sounding names within companies and do not rely simply on libido for users to click on these suspicious links. Instead, these emails are intended to shock the user, opening the door for the user to make a reckless decision to click. It's a tactic GreatHorn called "dynamite phishing." Having an X-rated email arrive in your corporate inbox can have serious consequences, including the potential of a meeting with Human Resources. 

The goal of the bad actors is to rely on the human desire to act fast and get rid of the message hoping that you will click on one of the many malicious links. "It doesn't always involve explicit material, but the goal is to put the user off balance, frightened – any excited, emotional state – to decrease the brain's ability to make rational decisions" according to the report by GreatHorn. They observed the malicious URLs essentially do one or more of the same three things:

  • Automatic download of a malicious file onto the user's machine,
  • Redirectors that send the user to a dating website where they capture financial information, and,
  • It is tracking user behavior for a secondary attack – extortion.

Scammers use a tactic called email pass-through to track their victims.

In these attacks, the cybercriminals leverage the information they gleaned thanks to the malicious links to set up a second stage." GreatHorn included an example of the type of X-rated phishing lure, which consists of a your-place-or-mine proposition:

 

Source: GreatHorn.

 

The link, the researchers explained, would take the user to a photo site, then to a scam dating site, which in this case is at hungrygrizzly.com. According to GreatHorn, "user data gleaned in this way will be transmitted to cybercriminals, who will use it for various malicious purposes, such as money withdrawal, blackmailing or committing further frauds,"

This is just further proof that as we continue to work remotely and on personal devices in flexible work arrangements, our personal and work data are at risk. Cybercriminals continually refine and implement new kinds of phishing and social engineering scams, making it more difficult for people to be aware of the ever-increasing threats. Implementing a solid security awareness program with PhishingBox can protect not only you but your company and give your employees the knowledge to diagnose potential hazards before data (either theirs or yours) is taken and utilized for malicious purposes. If you would like to see how to protect your employee's data from bad actors, you can schedule a demo today!

 

Posted by PhishingBox on 06/09/2021
Read More Phishing Facts | Take a Free Phishing Test
View our Security Awareness Training for Employees





Protect Your Employees!

Try our Phishing Simulation Software

Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.


 

Receive
Phishing Alerts

Learn about recent security breaches that involve phishing and receive security tips and tricks to protect your business.

* indicates required