Hackers are doing their best to maximum utilize the holidays for financial gain. The attackers have launched a new spear phishing attack in which they pose as CEOs of the victim's workplace to trick them by sending gift cards, a per report of email security researchers at Barracuda Networks.
These phishing campaign emails don't include any attachments, malicious links, or any other files, unlike other phishing campaigns. The other major thing in this campaign is that is sent from a trusted email domain. As a result, most of the email filters do not find them as a threat.
According to Barracuda Networks, the attackers are targeting users not only by using a phishing campaign but also psychologically. By impersonating as a CEO, they are urging users for requests for secrecy, it seems that attackers have researched a lot about the relevant details and implied urgency.
“In all of these attacks, the emails were sent from free personal email services with a relatively high reputation. In addition, they do not contain any type of malicious payloads, such as links or attachments,” wrote Asaf Cidon, Vice President at Barracuda Networks.
“Instead the emails rely solely on social engineering and impersonation to trick their targets. These types of attacks are very hard for traditional email filters to pick up because they are targeted, have a high reputation, and do not contain any obvious malicious signals.”