Phishing that exploits supply chain anxiety stemming from the prolonged Middle East war is reportedly rampant.
AhnLab said on the 15th that a phishing email disguised as an official notice of unit price increases had recently appeared, attempting to steal account information.
According to AhnLab, the attacker distributed phishing emails by posing as a partner company with the subject line "Official notice of unit price increase." The body of the email included the phrase, "Due to the recent rise in raw material prices, we are unavoidably implementing a unit price increase," and induced clicks on an attachment by urging recipients to check the related official notice.
When the attached "Official notice of unit price increase" PDF file is executed, a screen appears saying a PDF viewer must be downloaded. A hyperlink is embedded in the screen's "Download" button, and clicking it connects to a phishing site disguised as a login page.
If a user, mistaking it for the procedure to download a PDF viewer, enters an email account and password into the fake login window, the information is sent to the attacker's server. An AhnLab official said, "Stolen account information can be exploited for various malicious activities, including intrusions into corporations' internal systems and additional phishing attacks, so caution is needed."
To prevent damage, AhnLab urged users to follow basic security rules, including verifying the validity of the sender's email domain, refraining from executing attachments and internet addresses (URLs) in emails with unclear senders, applying the latest security patches to PCs, OSs (operating systems), SW (software), and internet browsers, and enabling real-time monitoring functions in antivirus programs.
Lee Ik-gyu, a manager on AhnLab's analysis team who examined this case, said, "Phishing attempts that exploit high-interest industry issues, such as supply instability of raw materials originating from the Middle East and a sharp rise in memory prices, may continue and cause people to mistake them for normal business emails," adding, "Even if the email is work-related, you must verify the sender's email address, attachments, and the authenticity of URLs, and never enter personal or account information on suspicious websites."