A very Russian scam

If you got an unsolicited email asking for your employees’ personal details, would you respond? Hopefully, you’d have enough sense not to. But what if the email promised some sort of benefit for your employees? This is what one of the most recent Russian mass mailings has been doing.

The messages supposedly come from a government department, and promise medals ‘for outstanding work’ to those nominated by their organizations. They lay particular stress on these medals being awarded to veterans of the Second World War and other military conflicts. Additionally, the messages promise that a note will be made of the award in the recipient’s ‘work book’. (This is a passport-sized book which has to be provided to an employer by the employee. It acts as an official record of employment, and the lack of a work book, or a negative record, can affect employment prospects.)

In addition to the message itself, there’s a form to fill in, which asks for the nominee’s personal details: name, date and place of birth, address, place of work, etc.

A quick bit of research shows that the message is a fake – the addresses, phone numbers and email addresses aren’t connected to any government department, and the legal jargon references points of law which don’t actually exist. But if you’re a busy employer, and think that by filling in the form your older employees might benefit, you’re probably not going to bother to do any research. Exactly what the scammers are counting on.

Spam designed to help the bad guys get their hands on personal data is nothing new. What’s interesting about this mass mailing is that it’s very clearly targeting pensioners’ details. My best guess is these details will then be used by the scammers to trick vulnerable older people out of their homes. Sadly, this is all too common in Russia – for instance, several workers in the social care sector in Vladivostok were recently convicted of getting pensioners to sign over their property under false pretences.
