A massive phishing campaign has targeted more than 550 million email users globally since the first quarter of 2018.
Vade Secure security researchers first spotted the campaign in early January with a high concentration of impacted email users include the U.S., U.K., France, Germany, and the Netherlands, according to a recent blog post.
The attacks managed to go under the radar as they weren’t detected by many existing email security solutions since the phishing emails use IP addresses, servers, and domain names appear to be leased and therefore legitimate.
Threat actors are also using URL shortening tools to and are linking several hundred URLs together, in order to hide the ultimate destination address and jam detection tools, researchers said.
The attacks are likely being carried out by a serious criminal organization as the cost of the infrastructure required to carry out attacks on this scale cost tens of thousands of dollars.
The emails masquerade as popular brands, online streaming services, and telecom operators based on the country of the recipients and are designed to steal users’ bank account details by offering them a coupon or discount in exchange for participating in a quiz or online contest.
“The number of unique malwares caught by our filter exceeded the number of unique phishing emails throughout 2017, spiking in November,” researchers said in the post. “With the launch of this new attack in January 2018, however, unique phishing emails surged past malware. In fact, the ratio of phishing to malware was nearly 21:1 in Q1 2018.”
In order to prevent falling for the attacks researchers recommend users remain vigilant even if the email message appears to be coming from a familiar brand and never click the links within suspicious emails.