
USPS Impersonators Use PDFs to Gain Trust in Smishing Attacks


Attackers posing as the US Postal Service (USPS) have launched a widespread mobile phishing campaign that exploits people’s trust in PDF files. This campaign, discovered by researchers at Zimperium zLabs, uses a unique evasion tactic to steal credentials and compromise sensitive data through SMS phishing (smishing) attacks.

The attackers behind this smishing campaign send out malicious SMS messages to individuals, claiming that their package cannot be delivered due to “incomplete address information.” These messages prompt recipients to click on a PDF file, which contains a malicious phishing link. Clicking on the link redirects individuals to a landing page that requests personal information such as name, address, email, and phone number. Subsequently, individuals are asked to provide payment card details under the guise of needing to pay service fees for successful delivery of their package.

Fernando Ortega, a researcher at Zimperium, highlighted that the attackers exploit the perception of PDFs as a secure and trusted file format to increase the likelihood that recipients open them. zLabs researchers uncovered over 630 phishing pages, 20 malicious PDF files, and a network of malicious landing pages associated with the campaign. This large-scale operation has the potential to impact organizations in more than 50 countries.

Moreover, the attackers employ a sophisticated technique to hide clickable elements within the campaign, ensuring that most endpoint security solutions struggle to analyze these hidden links and detect the threat effectively. Ortega emphasized that cybercriminals continue to evolve their tactics by leveraging trusted file formats and advanced evasion methods to deceive users and compromise their data.

The attackers utilize their knowledge of the internal structure of PDF files to create a new evasion tactic that makes it challenging for automated security systems to identify suspicious activity. By embedding clickable links in PDFs without using the standard /URI tag, the attackers prevent security solutions from extracting URLs during analysis, thereby evading detection. This technique has been successful in bypassing several endpoint security solutions that can detect the same URLs when the standard /URI tag is used.
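The detection gap described above is that URL extractors keyed on the /URI tag miss clickable links carried by other action types. The following scanner is an added example written for this article, not Zimperium's tooling, and it treats every /Link annotation as clickable, flags those lacking /URI, and pulls URL-looking strings from the raw bytes and any inflatable streams; the two embedded PDFs are constructed stand-ins, and the exact structure the campaign used is not given on the page, so the non-/URI layout here is an assumption.

```python
import re
import zlib

# Constructed minimal PDFs for illustration; not artifacts from the campaign.
# The first uses the standard /URI action; the second is a stand-in for a
# clickable link whose action omits /URI (assumed layout, see lead-in).
_HEAD = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
         b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
         b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n")
_TAIL = b"trailer << /Root 1 0 R >>\n%%EOF\n"
URL = b"https://tracking.example.invalid/redelivery"  # constructed placeholder
STANDARD_LINK = (_HEAD + b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]"
                 b" /A << /S /URI /URI (" + URL + b") >> >> endobj\n" + _TAIL)
NON_URI_LINK = (_HEAD + b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]"
                b" /A << /S /GoToR /F (" + URL + b") >> >> endobj\n" + _TAIL)

_OBJ = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
_URL = re.compile(rb"https?://[^\s()<>\[\]]+")


def decoded_view(pdf: bytes) -> bytes:
    """Raw bytes plus the inflated content of every stream zlib can open."""
    extra = []
    for m in _STREAM.finditer(pdf):
        try:
            extra.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # not FlateDecode or damaged; the raw bytes are still scanned
    return pdf + b"\n".join(extra)


def scan_pdf(pdf: bytes) -> dict:
    """Count /Link annotations, flag those without /URI, and collect URL strings."""
    link_annots = [m.group(1) for m in _OBJ.finditer(pdf)
                   if re.search(rb"/Subtype\s*/Link", m.group(1))]
    without_uri = [a for a in link_annots if not re.search(rb"/URI\b", a)]
    # URL extraction does not depend on the /URI tag at all
    urls = sorted({u.decode("latin-1") for u in _URL.findall(decoded_view(pdf))})
    return {"link_annots": len(link_annots), "links_without_uri": len(without_uri),
            "urls": urls, "suspicious": bool(without_uri)}


if __name__ == "__main__":
    for name, doc in (("standard", STANDARD_LINK), ("non-uri", NON_URI_LINK)):
        print(name, scan_pdf(doc))
```

A clickable annotation whose action is anything other than /URI is a low-volume, high-signal event in document scanning, so it is worth alerting on even when no URL string is recovered.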

While campaigns that impersonate reputable brands like the USPS are not new, the scale and complexity of the latest USPS impersonation efforts pose a significant threat. This trend highlights the importance of addressing the issue of unsecured mobile devices in the workplace. To combat such threats, experts recommend adopting a layered security approach that combines employee education with multifactor authentication (MFA) to prevent credential compromise. Additionally, implementing zero-trust security frameworks with privileged access management (PAM) solutions can further reduce risks by restricting access to sensitive systems and only allowing authorized users to interact with critical data.
