By Dancho Danchev
What is the Russian underground up to when it comes to ‘spear phishing’ attacks? How prevalent is the tactic among Russian cybercriminals? What “data acquisition tactics” do they rely on, and just how sophisticated are their “data mining” capabilities?
Let’s find out by emphasizing on a recent underground market advertisement offering access to data which can greatly improve the click-through rate for a spear phishing campaign. The irony? It’s being pitched as “spam leads”.
Sample screenshot of the Russian “spam leads” offered for sale:
Second screenshot of the Russian “spam leads” offered for sale:
Third screenshot of the Russian “spam leads” offered for sale:
The “spam leads” include market sector, market segment, type of company, city, full name of the company, postal address, fax, phone number, email, Skype, web site, as well as the GPS coordinates.
- Consider going through the following posts to get the “big picture” on how the spam ecosystem really works – Millions of harvested emails offered for sale; Millions of harvested U.S government and U.S military email addresses offered for sale; New DIY email harvester released in the wild; A peek inside a managed spam service; Mobile spammers release DIY phone number harvesting tool
While the seller is (thankfully) not aware of the true underground market potential of their harvested/compromised/fraudulent opt-in type of data, others are, and will definitely take advantage of the fact that such a database is currently offered for sale. It’s also worth discussing some of the most popular “data acquisition tactics” that cybercriminals rely on when selling such type of data.
There are several tactics a cybercriminal can leverage to gain access to this type of data:
- Fraudulent opt-in offers – this concept is fairly simple – your company receives an email about possible inclusion in a fake business directory, but must either pay for it first (advance fee fraud element) or sign a contract which allows the scammers to legally re-bill the company. Cybercriminals behind these attacks leverage collected data to launch spear-phishing attacks, targeting thousands of companies across the globe.
- Hacked databases – in terms of quality data nothing compares to the “value” of a hacked database. Users entrust sensitive and personal details to the service maintaining it, and it is therefore a gold mine for potential spear phishing campaigns if compromised.
- Harvest publicly obtainable data by outsourcing the CAPTCHA-solving process – In 2013, CAPTCHA is dead! Low-waged CAPTCHA solvers in developing countries killed it. Keeping this in mind, it shouldn’t be surprising that money mule recruiters actively harvest data from job/career web sites; and other cybercriminals are doing exactly the same while targeting legitimate Web properties that exclusively rely on CAPTCHA to prevent such types of automatic abuse.
We advise users to be extra cautions before trusting an email offer that knows too much about you. This includes emails sent from trusted friends. Protect yourself by following up through alerting your friends and/or the abused service or company if you suspect foul play.