Impersonating real websites is a popular method used by threat actors to trick victims into clicking and thereby obtain sensitive data.
In a campaign uncovered by Check Point security researchers, the attackers spoofed the website of an entire trade show. Anga Com is Europe's leading trade fair in the broadband and media distribution industry. More than 22,000 people from 470 companies take part in the international fair. Network operators, equipment suppliers and content providers meet on site to exchange views on all broadband and media distribution issues. This year's event took place on May 23rd and 24th in Cologne. After such trade fairs, participants receive the lead lists of the other guests so that they can continue networking.
Lead system as gateway
In this case, however, cybercriminals infiltrated the lead system in order to direct participants to a fake website from which they can then steal data. This is not particularly difficult. What is notable is that the attackers sent the email a few days after the end of the conference so that it looked like an official follow-up. Users can be tricked into clicking on questionable content for many different technical and social reasons. At first glance, a malicious attachment can look like an invoice related to the victim's work or, as in this case, a message can pose as an official communication from a trade fair organizer.
In addition to technical measures such as installing website blockers, companies should invest in the "last line of defense", i.e. their employees. Attackers typically rely on victims not thinking twice before clicking and opening something. Security awareness training enables employees to learn how to thwart phishing and other social engineering attacks through vigilance and hands-on practice.
About KnowBe4
KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 60,000 companies around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new approach to security education. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.