Phish dating site
The malicious mailings targeted people from different countries and came in a variety of languages. The usual trick of presenting dangerous content as important delivery information was employed by the fraudsters to make recipients open the attachment.As a rule, the distribution of password-protected archives serves two purposes.First, it is a form of social engineering, with the attackers emphasizing that all confidential data (such as business accounts) is additionally protected by a password.The media frenzy surrounding the Wanna Cry ransomware played into spammers’ hands, as all high-profile events usually do.
They were obviously targeting the corporate sector.
While the majority of similar ransomware samples require some sort of user input before a computer is infected, Wanna Cry could do so without any user actions.
It attacks the target using a Windows exploit and then infects all computers within the local network.
The link to the supposed update, of course, led to a phishing page.
We came across emails that showed the attackers hadn’t taken much care when compiling their mailings, obviously hoping their victims would be in too much of a panic to notice some obvious mistakes (sender’s address, URLs, etc.).
One such scheme disclosed by our colleagues is described here.