Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more convincing.
IBM has observed seventeen waves of the campaign since March 2024, and at least 160,000 victims have clicked on the phishing link.
“The phishing emails inform recipients that their Amazon Prime subscription will automatically renew at a cost of 480 Euros per year,” IBM explains.
“The emails contain personalized information such as the victim's IBAN, BIC, first name, last name, and full address, making the message appear authentic. The email includes a ‘cancel subscription’ button, which links to a convincing replica of the Amazon Prime login page. When users enter their credentials in an attempt to cancel the subscription, their information is captured by the attackers. Some variations of the attack ask for the victims’ full credit card information.”
The campaign is ongoing and has increased in intensity over the past few weeks. Nearly all the victims are located in France.
“At the end of March and early April, the phishing campaigns were already very effective, drawing hundreds or even thousands of victims per hour to malicious sites,” the researchers write. “However, visits to these phishing sites were still sporadic, with large gaps in activity between campaigns.
As April 8th approached, we began to observe constant traffic to the phishing sites. Fast forward to the end of April, we began seeing the move to constant hourly traffic. The traffic is so predictable during the time period between April 22 and April 24 that the night and day differences can be seen, with spikes in the morning and low traffic at night.”
IBM concludes, “This spear phishing campaign illustrates a dangerous evolution in cyber crime, leveraging leaked personal data to increase the efficacy of social engineering tactics. As the digital landscape continues to evolve, it’s crucial for both organizations and individuals to stay vigilant and adapt their security measures accordingly.”
IBM has the story.