Recently, we have noticed a particularly well-crafted phishing campaign sent in the names of large European banks. Several Hoxhunt customers have received and reported this threat across Europe and North America.In most cases, the victim is urged to renew their credit cards for security reasons before they expire. The expiration date is set only two days ahead of when the email is sent to the victim to create a sense of urgency. To boost the sense of urgency even further, the emails state that there is a delay fee for late renewals.
The renewal happens through scanning a QR code that’s included in the emails. Using a QR code is a great tactic to make sure that the email reaches the recipient instead of being automatically removed by email filters. We followed some of the sites behind the QR codes, and we found that most of them had already been suspended or were blank.
We have also discovered several variations of this vector; for example, a prompt for mobile bank verification.Below, we outline our tips on how to stay safe from this type of phishing:
To sum it up, the initial delivery was great, but in the cases we have seen, the landing pages didn’t do the trick. It will be interesting to see what the next iteration of this campaign might bring.