Fake Invoice Scam Worries Experts; Hacking Technique Proven Successful Even Without Malware Infection

New incidents lnked to the Silent Ransom callback phishing campaign were discovered.

A new fake invoice scam technique alarms cybersecurity experts.

Fake Invoice Scam Worries Experts; Hacking Technique Proven Successful Even Without Malware Infection
A guest takes a selfie with her smartphone during the Mercedes Benz Fashion Week in Madrid on April 8, 2021. (Photo by Gabriel BOUYS / AFP) Photo by GABRIEL BOUYS/AFP via Getty Images

First discovered by the Palo Alto Networks Unit 42, this malicious campaign is proven effective, even without malware infection.

Security researchers of the American multinational cybersecurity firm said the social engineering campaign is worryingly successful.

"By design, this style of social engineering attack leaves very few artifacts because of the use of legitimate trusted technology tools to carry out attacks," said the cybersecurity company via its official report.

Fake Invoice Scam Worries Experts

According to ZDNet's latest report, the attacks are connected to other similar campaigns that rely on phishing emails.

Fake Invoice Scam Worries Experts; Hacking Technique Proven Successful Even Without Malware Infection
A participant sits with a laptop computer as he attends the annual Chaos Communication Congress of the Chaos Computer Club at the Berlin Congress Center on December 28, 2010 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants. Photo by Sean Gallup/Getty Images

The Palo Alto Networks said the newly detected incidents were specifically linked to the so-called Silent Ransom Group callback phishing extortion campaign.

The cybersecurity organization added that the new malicious campaign could conduct extortions without encryption.

The recent phishing campaigns that the new fake invoice scam technique is related to commonly trick victims into installing the BazarLoader backdoor malware.

This malware can access the network to steal user data. Once that happens, hackers can blackmail victims into paying them to prevent information leakage.

But, the new malicious campaign no longer needs to install malware just to victimize companies, including those in the legal and retail industries.

The New Luna Moth Campaign

Palo Alto Networks' Unit 42 calls the new fake invoice campaign "Luna Moth." The cybersecurity group said that this malicious method skips the malware infection.

Despite the absence of malware downloads, the phishing scam is still proven effective.

As of writing, hackers behind the campaign already stole hundreds of thousands of dollars from legal firms, as well as retail and other business sectors.

It starts with hackers sending phishing emails to their victims. They will prevent sending a credit card invoice, complete with a PDF attachment.

Victims will only be asked to receive around $1,000. The Unit 42 group explained that the amount requested is lower than usual because it is less suspicious.

After that, victims will receive a call from fake call centers.

From there, they will be asked to install a remote administration tool, allowing hackers to gain remote access to their sensitive files and servers.

Aside from the latest Luna Moth campaign, the U.S. faces other potential security threats.

Previously, the U.S. government imposed a bipartisan warning against TikTok.

Cybersecurity experts also claim that hackers can access home security cameras.

For more news updates about Luna Moth and other cybersecurity threats, keep your tabs open here at TechTimes.

This article is owned by TechTimes

Written by Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics