A new fake invoice scam technique alarms cybersecurity experts.
(Photo : Photo by GABRIEL BOUYS/AFP via Getty Images)
A guest takes a selfie with her smartphone during the Mercedes Benz Fashion Week in Madrid on April 8, 2021. (Photo by Gabriel BOUYS / AFP)
First discovered by the Palo Alto Networks Unit 42, this malicious campaign is proven effective, even without malware infection.
Security researchers of the American multinational cybersecurity firm said the social engineering campaign is worryingly successful.
"By design, this style of social engineering attack leaves very few artifacts because of the use of legitimate trusted technology tools to carry out attacks," said the cybersecurity company via its official report.
Fake Invoice Scam Worries Experts
According to ZDNet's latest report, the attacks are connected to other similar campaigns that rely on phishing emails.
(Photo : Photo by Sean Gallup/Getty Images)
A participant sits with a laptop computer as he attends the annual Chaos Communication Congress of the Chaos Computer Club at the Berlin Congress Center on December 28, 2010 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants.
Also Read: Cyberhackers Rob $300,000 From DraftKings Via Credential Stuffing Assault
The Palo Alto Networks said the newly detected incidents were specifically linked to the so-called Silent Ransom Group callback phishing extortion campaign.
The cybersecurity organization added that the new malicious campaign could conduct extortions without encryption.
The recent phishing campaigns that the new fake invoice scam technique is related to commonly trick victims into installing the BazarLoader backdoor malware.
This malware can access the network to steal user data. Once that happens, hackers can blackmail victims into paying them to prevent information leakage.
But, the new malicious campaign no longer needs to install malware just to victimize companies, including those in the legal and retail industries.
The New Luna Moth Campaign
Palo Alto Networks' Unit 42 calls the new fake invoice campaign "Luna Moth." The cybersecurity group said that this malicious method skips the malware infection.
Despite the absence of malware downloads, the phishing scam is still proven effective.
As of writing, hackers behind the campaign already stole hundreds of thousands of dollars from legal firms, as well as retail and other business sectors.
It starts with hackers sending phishing emails to their victims. They will prevent sending a credit card invoice, complete with a PDF attachment.
Victims will only be asked to receive around $1,000. The Unit 42 group explained that the amount requested is lower than usual because it is less suspicious.
After that, victims will receive a call from fake call centers.
From there, they will be asked to install a remote administration tool, allowing hackers to gain remote access to their sensitive files and servers.
Aside from the latest Luna Moth campaign, the U.S. faces other potential security threats.
Previously, the U.S. government imposed a bipartisan warning against TikTok.
Cybersecurity experts also claim that hackers can access home security cameras.
For more news updates about Luna Moth and other cybersecurity threats, keep your tabs open here at TechTimes.
Related Article: US Watchdog Claims Offshore Oil, Gas Facilities Targeted by Cyberattackers; OTs Have Security Flaws
This article is owned by TechTimes
Written by Griffin Davis
