Saturday, December 7, 2024
HomeCyber Security NewsNew Phishing Attack Targeting Corporate Internet Banking Users

New Phishing Attack Targeting Corporate Internet Banking Users

Published on

SIEM as a Service

A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users.

This attack, which has rapidly gained attention nationwide, involves fraudsters impersonating bank representatives to deceive victims into providing sensitive banking information.

The attack begins with a phone call from individuals pretending to be bank officials. These imposters inform unsuspecting victims that their Internet banking certificates have expired, a claim designed to create a sense of urgency and panic.

- Advertisement - SIEM as a Service

Under the guise of rectifying this issue, they solicit personal information from the victims, including crucial banking credentials.  

Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

A recent tweet from HackManac shared that the nationwide phishing scam targeting corporate internet banking users has been reported in Japan.

Exploitation Details

Following this initial contact, victims receive phishing emails containing malicious links. These emails are designed to look legitimate and are crafted to coax recipients into clicking the links, which redirect them to fake websites resembling official banking portals.

Once victims enter their credentials, including passwords and one-time passcodes, these details are harvested by the attackers.

With the stolen credentials in hand, the fraudsters proceed to access the victims’ bank accounts.

The ultimate goal is to transfer funds from the victims’ accounts to unrelated corporate accounts controlled by the attackers. This highly organized scheme poses a significant threat to corporate banking users, potentially leading to substantial financial losses.

Japanese cybersecurity researcher, @piyokango, has been actively monitoring this phishing campaign.

In a recent post, he shared a diagram illustrating the entire process, from initial contact to the unauthorized transfer of funds.

The diagram underscores the meticulous planning behind this scam, highlighting the need for heightened vigilance among Internet banking users.

In response to this threat, banks and cybersecurity experts in Japan have issued urgent warnings to corporate clients.

Users are advised to verify any unusual communication purportedly from their banks and to avoid clicking on suspicious email links.

Implementing multi-factor authentication and regularly updating security settings are also recommended to enhance protection against such phishing attempts.

Corporations must remain vigilant and proactive in safeguarding their financial assets against these evolving cyber threats.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...