Europe’s prestigious Anga Com Conference, which focuses on the broadband, television, and online industries, is being targeted by cybercriminals who are using the platform to access personal data via a phishing scam. This attack involves hackers pretending to be representatives from Anga Com and sending out fraudulent emails and web pages to solicit login credentials and personal information from unsuspecting victims. The hackers have created fake website pages on legitimate developer sites, making it more challenging for victims to detect the scam.
Security researchers from Avanan, a subsidiary of Check Point Software Technologies, have uncovered the details of this sophisticated attack. They have found that the attackers are targeting the lead delivery system used by attendees and companies at the conference to generate interest and revenue from potential clients. Hackers have inserted themselves into this system, gaining access to sensitive company and user data.
In the scam, victims receive a spoofed email that appears to have originated from Anga Com, informing them that someone has shown an interest in their exhibition during the conference. The email entices users with the prospect of generating new business and urges them to click on a provided link to engage with potential clients. The sender’s email address is later found to be an Outlook address and not associated with Anga Com.
Clicking on the link leads users to a deceptive login page designed to mimic the legitimate Anga Com platform. The attackers use Surge.sh, a legitimate web development service, to create a convincing replica of the Anga Com website. The URL of the fake page is angacom-de.surge.sh, while the genuine URL is angacom.de, making it difficult for victims to detect the scam.
This phishing attack combines several techniques, including impersonation, social engineering and credential harvesting. By preying on users’ trust and interest in the Anga Com conference, the hackers capitalize on its popularity and the promise of new business opportunities. The creation of the fake website requires a certain degree of expertise, but cybercriminals can use available tools like Surge.sh to facilitate the process.
Avanan researchers have notified Surge.sh and Anga Com of this incident on discovering the attack. Security services can replace the links in email bodies and attachments to enhance their ability to detect and prevent attacks that hide malicious links.
To prevent phishing attacks like this, security professionals must implement several security measures that thoroughly examine all URLs and emulate the web pages behind them. By leveraging URL protection systems that recognize phishing techniques, such as those employed in this attack, security experts can quickly detect and prevent such malicious activities.
Educating users and employees to hover over URLs and exercise caution when clicking on links can also help mitigate the risks posed by sophisticated phishing campaigns. Companies should also use security awareness training to keep employees informed and prepared, reporting any suspicious emails or web pages to IT immediately.
In summary, the Anga Com Conference is the latest target for cybercriminals looking to steal personal data via a phishing scam. These attackers are exploiting the trust and popularity associated with the event to gain access to unsuspecting users and companies. Staying vigilant and implementing security measures can help prevent such attacks and protect sensitive data.