Scam of the week – APT35

Scam of the week – APT35

This week’s scam is run by a collective of cybercriminals called APT35.

APT35 have been specifically targeting well known organisations from Government to Journalists and Education sectors. APT35 created fake websites for partners of their victim businesses and carried out the attacks by sending phishing emails to their targets.

An example of the attacks they undertook included fake links to upcoming ‘Webinars’ their targets may have been interested in. As you’d imagine, the links then took viewers to the fake website they already had in place. The landing page included a registration form which requested personal details, including names and email addresses.

With the collected data, APT35 were able to access full email accounts, personal information and ultimately the organisations info too. This is a very common form of security breach that could have been avoided for many companies, primarily just with employee education.

Here are our tips for avoiding these pre-empted attacks:

 

  • Be sure you trust where emails originate from! A lot of cybercriminals use similar details to official organisations, but there will most likely be some clues that indicate the email did not come from a reliable source. Check the email address is accurate. For example, info@tmtech.co.uk is a legitimate email, info@help.tmtech1.uk.com looks similar but isn’t the official domain. If you aren’t sure, DO NOT INTERACT and contact your IT or cyber security team.
  • Be aware of any warning signs. Most legitimate emails are sent during standard work hours, so if an ‘urgent’ email comes through at 1am, be mindful that this is strange behaviour. Also, most official company correspondence is thoroughly checked before being sent, so be extra careful with content that has multiple grammar or spelling mistakes.
  • If you aren’t sure, ask! Ask your internal IT or security team to verify an email or text for you if you aren’t sure it’s safe. If you don’t have an internal team, it would be beneficial for you to consider investing in an outsourced service to keep your business secure.
  • Don’t interact with content you don’t know or weren’t expecting. A lot of the time the emails/texts/calls will be out of the blue. If you don’t have an IT or cyber security team you can check with, it is safer to proactively contact the business directly and check that the communications you’ve received are both safe and legitimate. For example, if you get an email from your bank saying you’re owed money, instead of calling the number on the email, use a search engine to find the real phone number and contact the business this way.