"Phishing Scam Targets Military Families"

Threat researchers at Lookout are helping to take down a phishing campaign targeting members of the United States military and their families. The scammers behind the long-running campaign impersonate military support organizations and personnel to commit advance fee fraud, stealing sensitive personal and financial information for monetary gain.  The researchers stated that it is clear that the adversaries are looking to steal sensitive data from victims, such as their photo identification, bank account information, name, address, and phone number.  If given the data, the adversaries could easily steal the victim’s identity, empty their bank account and impersonate the individual online.  The campaign’s backbone is a series of websites that have been designed to appear as though they are affiliated with the military. To bring an added touch of authenticity to the sites, the operators add advertisements for Department of Defense services to their malicious content.  The sites offer expensive services that are never delivered or trick users into thinking that they are in a romantic relationship with a member of the military. Fake services offered include care packages, leave applications, and communication permits.  Infrastructure indicators coupled with open-sourced intelligence point to Nigeria as the scammers’ operational base. So far, researchers have identified 50 military scam sites tied to this threat campaign, which further investigation showed was linked to other cybercriminal activity.

Infosecurity reports: "Phishing Scam Targets Military Families"