"New Phishing Campaign Luring Users With Fake Surveys and Giveaways"

Group-IB security experts have uncovered a new global cyberespionage phishing campaign aimed at harvesting users' personal and financial information. The malicious campaign has been targeting users in more than 90 countries, including South Korea, Italy, Canada, and the US. The scammers behind it used fake surveys and impersonated different brands. According to the Group-IB researchers, over 120 global organizations have been mimicked by the campaign. Attackers sent fake invitations to victims to participate in a survey for a prize. The survey link took victims to a hacker-controlled phishing site that gathers sensitive data, including users' full name, email, postal address, phone number, bank card data, and more. Various digital marketing tools such as contextual advertising, SMS, mailouts, and pop-up notifications were used by the fraudsters to lure victims. Group-IB found that the fraudsters registered domain names that look like the official ones. They also discovered that a user gets caught up in traffic cloaking after clicking the targeted link, which allows cybercriminals to display different content to different users based on certain parameters. More than 10 million people were reportedly impacted by this scam, with damages totaling an estimated $80 million per month. This article continues to discuss the tactics, tools, targets, and impact of the new global phishing campaign. 

CISO MAG reports "New Phishing Campaign Luring Users With Fake Surveys and Giveaways"