Researchers at cybersecurity vendor Kaspersky have detected a wave of fraudulent emails designed to make money for cybercriminals. The emails are disguised as lottery offer letters written in Arabic and contains a legitimate website link to make the email look trustworthy, yet in fact invite users to share their personal data in return for a chance to receive their prize money.
According to Kaspersky, in September, its researchers detected at least 7000 attempts to steal credentials, with various versions of the text inviting users to part take. Kaspersky experts believe this campaign is still running and is targeting Arabs and Arabic speakers around the world.
Spam and phishing are the attack vector that withdraw fraudsters from a technological race between cybercriminals and cybersecurity experts. It doesn’t require technical expertise, as it relies on human errors and therefore often succeeds.
The e-mail detected by Kaspersky experts looked like an innocent lottery promo, which along with the link to a website with a credible domain name did not raise suspicion. However, the scheme included a request for commission to receive the prize money, which victim should have payed to be able to come in a possession of a non-existing lottery fortune.
“People may think that spam and mail fraud mean e-mails with incredible offers, weird links and too-good-to-be-true discounts. However, it is important to keep in mind, that even the most innocent infomail might contain hidden traps and result in a loss of personal data and money. Such schemes are very old and widespread yet we can see that they are still successful with unprotected users. We see this particular fraud campaign promoted not only in Arabic, but also in other languages, such localisation shows that criminals make attacks more targeted and successful,” said Tatyana Shcherbakova, Security Researcher, Kaspersky.Click below to share this article