Summary:
The rise of online services has led to an increase in identity theft risks through scam websites. A recent phishing attack aims to steal personal identification by tricking users into uploading sensitive identity documents and completing a facial recognition check. This sophisticated tactic manipulates users into providing personal information under the guise of account verification, posing significant threats to individual and organizational security.
#IdentityTheft #PhishingScams #OnlineSecurity
Keypoints:
- Online convenience has increased the risk of identity theft through scam websites.
- Phishing attempts are designed to manipulate users into providing personal information.
- Scammers create a sense of urgency to prompt users to click on malicious links.
- Malicious websites may disguise themselves as legitimate CAPTCHA verification pages.
- Indicators of illegitimacy include unrelated domains and vague explanations for information requests.
- Scammers may request users to upload government identification documents and perform facial recognition checks.
- Biometric verification processes are being exploited by scammers to steal personal data.
- Recognizing red flags in emails can help prevent identity theft.
- Enhanced cybersecurity protocols and public education are necessary to combat these threats.
MITRE Techniques:
- Phishing (T1566): Utilizes deceptive emails to trick users into revealing sensitive information.
- Credential Dumping (T1003): Attempts to collect user credentials through malicious means.
- Data from Information Repositories (T1213): Targets sensitive data stored in user documents or databases.
- Input Data Manipulation (T1203): Exploits user input fields to capture sensitive information.
- Remote Access Tools (T1219): Employs tools to gain unauthorized access to user devices.
IoC:
Full Research: https://cofense.com/blog/the-dangerous-blend-of-phishing-for-government-ids-and-facial-recognition-video