Brazilian Government IDs Used as Spear Phish Bait
Brazilians are the target of new and devilishly convincing e-mail-based scams that purport to be official customer communication from a large Brazilian bank and use stolen identity data to convince victims that the message is for real.
According to a post on Kaspersky Lab's Securelist blog, researchers have intercepted phishing e-mail messages that include the name of a large Brazilian bank, the user's name and CPF number - a unique identifier assigned by the government to each Brazilian citizen that is akin to the U.S. Social Security Number.
Phishing attacks use e-mail messages and Web pages that mimic those of legitimate firms to trick users into divulging sensitive information such as account log-ins, financial account or credit card information, or personal data. The attacks frequently rely on e-mail messages, instant messages or social networking posts with links to phishing Web pages dressed up to look like legitimate sites. These phishing pages might push malware out to visitors by exploiting common application vulnerabilities, or simply lure them into "logging in" to the phony site and divulging their credentials.
The e-mail messages identified by Kaspersky Lab researchers contain links to a malicious Website that attempts to install a Trojan Horse program on victims' PCs. Kaspersky identifies the malware as Win32.Delf.
As in the U.S., large-scale and smaller data breaches, hacks and the inadvertent loss of sensitive data have turned confidential CPF numbers into a commodity. By coupling a user's name and CPF with their e-mail address, phishers can craft convincing attack messages and Web pages. These kinds of targeted attacks - often described as "spear phishing" attacks - are commonly used to attack high-profile or valuable targets. However, as Kaspersky points out, the ready availability of pilfered data makes it possible to craft such attacks even for rank-and-file consumers.
A report by the Anti-Phishing Working Group recently noted a big drop in phishing activity, which it attributed to a shift by the Avalanche phishing group from identity theft to malicious code distribution using its massive botnet infrastructure.



