By Basel Khaled
Kaspersky researchers have detected a wave of fraudulent emails designed to make money for cybercriminals. The emails are disguised as lottery offer letters written in Arabic and contain a legitimate website link to make the email look trustworthy, yet in fact invite users to share their personal data in return for a chance to receive their prize money. In the month of September, Kaspersky researchers detected at least 7000 attempts to steal credentials, with various versions of the text inviting users to take part. Kaspersky experts believe this campaign is still running and is targeting Arabs and Arabic speakers around the world.

Spam and phishing are attack vectors that take fraudsters out of the technological race between cybercriminals and cybersecurity experts. They don't require technical expertise, as they rely on human error, and therefore often succeed. The e-mail detected by Kaspersky experts looked like an innocent lottery promo, which, along with the link to a website with a credible domain name, did not raise suspicion. However, the scheme included a request for a commission to receive the prize money, which the victim had to pay in order to come into possession of a non-existent lottery fortune.

“People may think that spam and mail fraud mean e-mails with incredible offers, weird links and too-good-to-be-true discounts. However, it is important to keep in mind that even the most innocent infomail might contain hidden traps and result in a loss of personal data and money. Such schemes are very old and widespread, yet we can see that they are still successful with unprotected users. We see this particular fraud campaign promoted not only in Arabic, but also in other languages – such localization shows that criminals make attacks more targeted and successful,” said Tatyana Shcherbakova, security researcher at Kaspersky.
To avoid sharing your personal details with fraudsters:

Never share your personal information in e-mails from unknown addresses.

If the e-mail looks like a mail from a legitimate organization, check their e-mail domain name in the ‘contact’ section on their official website and compare it to the one from the e-mail you’ve received.

Use different, strong passwords for each of your accounts and two-factor authentication.

Use a proper security solution with behavior-based anti-phishing technologies, such as Kaspersky Security Cloud and Kaspersky Total Security, which will warn you if you are trying to visit a phishing web page.