A very Russian scam

If you got an unsolicited email asking for your employees’ personal details, would you respond? Hopefully, you’d have enough sense not to. But what if the email promised some sort of benefit for your employees? This is what one of the most recent Russian mass mailings has been doing.

The messages supposedly come from a government department, and promise medals ‘for outstanding work’ to those nominated by their organizations. They lay particular stress on these medals being awarded to veterans of the Second World War and other military conflicts. Additionally, the messages promise that a note will be made of the award in the recipient’s ‘work book’. (This is a passport-sized book which has to be provided to an employer by the employee. It acts as an official record of employment, and the lack of a work book or a negative record can affect employment prospects.)

In addition to the message itself, there’s a form to fill in, which asks for the nominee’s personal details: name, date and place of birth, address, place of work, etc.

A quick bit of research shows that the message is a fake – the addresses, phone numbers and email addresses aren’t connected to any government department, and the legal jargon references points of law which don’t actually exist. But if you’re a busy employer, and think that by filling in the form your older employees might benefit, you’re probably not going to bother to do any research. Exactly what the scammers are counting on.

Spam designed to help the bad guys get their hands on personal data is nothing new. What’s interesting about this mass mailing is that it’s very clearly targeting pensioners’ details. My best guess is these details will then be used by the scammers to trick vulnerable older people out of their homes. Sadly, this is all too common in Russia – for instance, several workers in the social care sector in Vladivostok were recently convicted of getting pensioners to sign over their property under false pretences.
