A new phishing scam has been identified that attempts to obtain the login credentials and phone numbers of staff members. The scam uses blurred images of invoices to trick victims into sharing sensitive information. To view the document or spreadsheet in higher resolution, the victim must provide their email address and password. It is not clear whether this blurred image phishing scam is being employed for targeted attacks on businesses or whether the emails are being sent out with a "scattergun" approach.

A number of alternative versions of the same scam have been identified by the Internet Storm Center, each of which uses a different file to fool the reader.

The initial email appears to come from a legitimate company – a well-known company likely to be very familiar to most corporate users. The emails include corporate logos and are well written. They include a link that must be visited to view a purchase order or invoice.

Visiting the link brings the email recipient to a webpage where they are shown what appears to be a legitimate document. The hackers use a screenshot of an Excel spreadsheet (or Word document) which appears blurred. The screenshot was captured at a low resolution yet is displayed at a high resolution to ensure it cannot be read, although it is obvious what the document is.

To view the file, the reader must enter their email address and password in a popup box to confirm their identity. The popup requests the victim's email account credentials. The hackers use a JavaScript file to validate the email address.

The login details are gathered and shared with the hacker along with the victim’s location and IP address. Users are then taken to a fake Google authentication portal where they are asked to provide their phone number. If the victim provides their details and clicks to view the document, a PDF file will open.

This blurred image phishing scam is not exactly complicated or sophisticated – it employs simple JavaScript, HTML and PHP – but it is still likely to be successful. The blurred images and company images may be sufficient to trick many users into believing the emails are authentic.
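
A triage heuristic for the landing page described above, as an added example that is not from the original article or the Internet Storm Center: it checks fetched HTML for the traits the article lists (a document image gated by an email-and-password prompt, a PHP handler). The cross-host form check, the function names and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LurePageScanner(HTMLParser):
    """Counts the page features the article describes (hypothetical helper)."""
    def __init__(self):
        super().__init__()
        self.images = self.passwords = self.emails = 0
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        kind, name = a.get("type", "text").lower(), a.get("name", "").lower()
        if tag == "img":
            self.images += 1
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and kind == "password":
            self.passwords += 1
        elif tag == "input" and (kind == "email" or "mail" in name):
            self.emails += 1

def indicators(html, page_url):
    """Return the list of lure traits found in one fetched page."""
    s = LurePageScanner()
    s.feed(html)
    s.close()
    page_host = urlparse(page_url).hostname
    found = []
    if s.images and s.passwords:
        found.append("document image gated by a password prompt")
    if s.emails and s.passwords:
        found.append("asks for email address and password together")
    for action in s.form_actions:
        target = urlparse(action)
        if target.path.lower().endswith(".php"):
            found.append("credentials posted to a PHP handler")
        # Assumption: a handler on another host is treated as an extra signal.
        if target.hostname and target.hostname != page_host:
            found.append("form posts to a different host")
    return found

# Constructed sample pages (inert, reserved .invalid names), not captured data.
LURE_URL = "https://docs.example.invalid/view.html"
LURE_HTML = """<img src="invoice.png" width="1600">
<form action="https://collector.example.invalid/post.php" method="post">
<input type="text" name="email"><input type="password" name="pass">
</form><script src="validate.js"></script>"""
BENIGN_HTML = '<img src="logo.png"><form action="/search"><input name="q"></form>'

if __name__ == "__main__":
    print(indicators(LURE_HTML, LURE_URL), indicators(BENIGN_HTML, LURE_URL))
```

Legitimate login pages share some of these traits, so use the result to rank pages for analyst review rather than as a verdict.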