Competitions, Vouchers, Gift Cards and Special Offers
Everyone loves free stuff, right? Hackers know this too and rely on our human emotions of excitement and curiosity to get us to act on these types of Phishing emails.
Of late I've been seeing a lot of these emails masquerading as supermarkets, flight operators and just about anything else.
Here are a few examples...
This one is masquerading as Vodafone. Can you spot the indicators that it's a Phish?
You will notice that the link above takes us to a suspect .xyz domain called fungoods.xyz. The email also comes from a completely different domain, not Vodafone, and it's asking you to complete a market survey. Usually these types of market survey sites are designed to hit you with an exploit of some sort and/or harvest personal information.
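The two indicators above (a sender domain that is not the brand's, and a link leading to an unrelated domain) can be checked automatically. This is an added example, not part of the original post; the brand allow-list, the sender address and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brand keyword -> domains the brand really uses.
BRAND_DOMAINS = {"vodafone": {"vodafone.com.au", "vodafone.com"}}
# TLDs of the link domains named in this post.
SUSPECT_TLDS = {"xyz", "club", "fun"}

# Constructed sample message (the sender address is a placeholder).
SAMPLE = """\
From: "Vodafone Rewards" <offers@mailer.example>
To: victim@example.org
Subject: Complete our market survey
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://fungoods.xyz/survey">Start survey</a></body></html>
"""

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def phish_indicators(raw):
    """Return a list of human-readable indicators found in a raw email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    # Collect the decoded text of every non-container MIME part.
    body = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk() if not part.is_multipart())
    link_hosts = {(urlparse(u).hostname or "").lower()
                  for u in re.findall(r'href=["\']([^"\']+)', body, re.I)}
    text = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue  # the message does not claim to be this brand
        if not in_domains(sender_host, domains):
            findings.append(f"sender {sender_host} is not a {brand} domain")
        for host in sorted(link_hosts):
            if host and not in_domains(host, domains):
                findings.append(f"link {host} is not a {brand} domain")
    for host in sorted(link_hosts):
        if host.rpartition(".")[2] in SUSPECT_TLDS:
            findings.append(f"link {host} uses suspect TLD")
    return findings
```
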
Here's a similar one that a few people have reported to me. Again, it comes from a completely different domain, but it looks like they got their campaigns mixed up!
Energy companies are also really popular at the moment for various types of Phishing emails. Here is one masquerading as Origin.
If we look at the link it takes us to, http://hardviewlink.club, it looks like the below. We can see it makes a number of suspicious connections and requests (when I detonated it in IE).
But detonating in Chrome (which is what it looks like this site is designed for), it presented the screen below with a wheel to spin to win a prize. I thought it was a survey? Guess they changed their mind.
Once the wheel is turning, they are actually launching a bunch of attacks in the background to compromise your PC. This is common in apps and on mobile devices, whereby you are distracted by a game or something else while an attack is being launched behind the scenes. As I detonated this in a sandbox, the exploit didn't complete, so they gave me an offer to spin again (and launch the attack against myself again).
Here's another campaign claiming I've won a 'voucher'. The claim voucher button actually takes me to another hardviewlink.club malicious address. These types of Bunnings voucher scams are extremely prevalent on social media platforms like Facebook.
These guys have a stack of different domains and templates at their disposal that they are launching in a widespread campaign targeting victims. Here's another that was reported to me using the same malicious domain; we can see the format is very similar:
Here are some other email formats these attackers are using against their victims.
Here's another one masquerading as Virgin. There is a typo in the name, as well as a different domain in use. It's similar to the others, inviting me to take a survey, but in reality it wants to launch an attack at me. The survey button takes me to a happymail.fun address, one of the malicious domains they are using, which was also used in the Woolworths campaign above.
Here's another variation:
Here's a similar one masquerading as Kogan.
Here is another one that I received recently. This time claiming to be from Arnotts, we can see it takes us to another one of their malicious domains (fungoods.xyz).
The hardview Phishing emails are now focusing on Travel companies like Jetstar and Qantas:
As you have seen in this post, these new phishing campaigns claiming rewards and gift cards are all designed to compromise your device/PC. They are utilising multiple different domains and formats but are all being launched from the same attackers in one large mass phishing campaign. Look out for these emails and don't fall for them, and most importantly, stay Hack Proof! #phishing #rewardscams #Hardview #scams