Warning: Beware of fraudulent phone calls on behalf of ČSSZ
The Czech Social Security Administration (ČSSZ) warns of an ongoing campaign of fraudulent phone calls.
Masaryk University's cyber security team warns of a recurring malware campaign exploiting a fictitious sender identity and the name of Masaryk University.
This is the same campaign we alerted about last August. Both then and now, the campaign is spreading across various organizations in the Czech Republic. The attack proceeds by recipients receiving an email with the subject "Request for quotation: MUNI//2403-06CZ" with malware in the attachment.
In the e-mail, the attacker impersonates Tomáš Podolec, the alleged "MUNI Purchasing Manager". But this person does not exist at Masaryk University (MU); the email headers have been spoofed, and the email is sent from mail servers located in Great Britain. So, it is not a compromised account or device on MU.
In phishing emails, the attacker uses several techniques to make the email look credible and create a sense of urgency in the recipient of the email:
a) The email header
b) Email body
c) The email footer
You can see a sample of the fraudulent email in the image below. Malware is attached to the e-mail – a so-called Trojan horse from the family that manufacturers of various antiviruses refer to as Makoob, GULoader, or Nekark. The Trojan aims to gain control over the victim's computer and thus enable the attacker to carry out further malicious activity. Here, the attacker quite amateurishly only changed the executable file extension for Windows before inserting it into the attachment from .vbs to .pdf.rar, apparently trying to bypass the automated spam filters of mail servers.
Since these emails are being sent from external mail servers, it is very difficult to prevent their distribution. In short, the best defense is an educated user who can identify fraudulent messages!
Phishing messages are written in such a way that, at first glance, they are as closely related as possible to the work focus of the recipient, which arouses the tendency to click on them and then take further actions according to the instructions in the message (for example, open an attachment with malware). Their insidiousness also lies in their ease of disguising themselves among other work messages.
If you receive a similar message, follow a few rules:
It goes without saying that your computer's software should also be up-to-date, and above all, an antivirus should be installed, which should recognize this type of attack and safely remove malware from the attachment.
The Czech Social Security Administration (ČSSZ) warns of an ongoing campaign of fraudulent phone calls.
The Cybersecurity Team of Masaryk University found a higher threat of phishing attacks, which aim to trick and manipulate users into behaving as the attacker demands. Therefore, we urge all Masaryk University users to be vigilant and cautious.