New Phishing Campaign Delivers Fake Invoices
By: Jim Stickley and Tina Davis
October 8, 2017
The name Dridex may be familiar to some. Recently, researchers at Trustwave found it in yet another new form, one that targets users of the cloud-based accounting firm Xero. Dridex is one of the most notorious banking Trojans and is designed to hang out on the infected computer and monitor browsing activity. It lurks in the background, just waiting to steal sensitive information related to a list of financial institutions. It's been active over the past year and has been evolving with each iteration.
An email message arrives with a subject similar to “Xero Billing Notifications” and a sender's email address from the domain “xeronet.org,” which is not the correct name of the company's website. So don't be fooled by this. Inside the email message are several links that appear to go to different places, but when the links are clicked, malware is executed that steals personal and sensitive information.
1. Phishing is still the primary way malware makes its way onto computers, mobile devices, and networks. Although the phishers are getting better at fooling us, there are still some clues that an email may be doing the bidding of cybercriminals.
2. If you are not expecting an email from the sender with any links or attachments, confirm that it was intended and is not malicious before clicking anything. Don’t reply to the sender. Instead, use the telephone, a text message, a personal visit, or a completely new email sent to an address you know belongs to the sender to ensure the link is safe to be opened.
3. Hover over links with the mouse pointer before clicking. When you do this, you can see the entire link address. If it looks odd, don't trust it. On mobile devices, you can press and hold a link for several seconds (at least three) to see the entire address too. Just be careful to hold it long enough so it doesn't accidentally redirect you to that link.
4. Phishers still make typos and fail to punctuate properly from time to time. Watch for those clues.
5. No matter how many tools are implemented, a large amount of spam still makes it through to your inbox. Anti-malware and spam filters may take care of some of it, but they certainly don't catch it all. So, always pay attention to the message and what it's asking before clicking anything.