Russian underground market for phishing campaigns

Recent investigations have unveiled how this is a well-organized market, especially for phishing activities. Researchers found one of the underground markets advertisement that offers access to data to sensibly increase click-through rate for a spear phishing campaign, showing great knowledge of the customer’s demand: the “spam leads” include useful data such as market segment, geographic data and company information that include fax, phone number and email.

Some security enterprises have followed how these criminals collect such information: they have been able to build huge collection of data, targeting specific sectors and acquiring information to use for large-scale spear-phishing campaigns.

Definitely, malware represents the most invasive and dangerous type of actions of cybercriminals. It is indeed quite easy to spread out malicious codes through huge networks of computers or mobile systems to steal all sorts of data about the victims. In the cybercrime market, many service providers offer all what is needed to spread malware to big audience at a very affordable price.

Researchers have also observed a growing trend for DIY (do it yourself), with novice cybercriminals trying to make business through illegal activities outsourcing services and buying tools and information.

There is also some peer-to-peer type of system with C2C (cybercrime to cybercrime) referring to groups of cyber criminals exchanging or renting their illegal services with so-called colleagues to develop their activities faster… Phishing experts do act in the long term, to be able to collect huge quantity of data and address their research against specific sector of interests, so as to expand the collection of data to sell.

More recently, the breach of personal e-mail accounts for Clinton presidential campaign chairman John Podesta and former Secretary of State Colin Powell have been tied more closely to other breaches involving e-mail accounts for Democratic party political organizations. Indeed e-mails with the same crafted Bit.ly Web addresses were found in the e-mails of both Podesta and Powell. Whether Podesta’s e-mails were shared by WikiLeaks, Powell’s were posted on DCLeaks. That would suggest a firm connection between the DC Leaks / Guccifer 2.0 campaign which was already linked to Russian intelligence and the source of the WikiLeaks DNC files.

So how to avoid phishing? Not to become the victim of phishing campaigns, you need be cautious when receiving emails from unknown recipients or messages that appear to be legitimate origin but are offering you “something” you did not request and demanding information on you.

Thanks to Le VPN, you can increase dramatically your online security. Your Internet connection is encrypted with a top secret standard which protects you from hackers and eavesdroppers willing to listen in or obtain sensitive information.

Your computer is hidden behind Le VPN numerous servers: any malicious external influence, such as virus network attacks, is thus repulsed by the servers. And when you are connected to Le VPN, no one can access your computer without passing through Le VPN protected servers.

Le VPN does more than keep you anonymous while surfing the Web. All your traffic is rerouted through protected VPN channels, applying protection to all of your software with network interaction. This is the best way to boost your online security.