Don't Cancel What You Are Not Subscribed To

Don't Cancel What You Are Not Subscribed To

Fitness Subscription Phishing Attack (2023)

Professional services firms were targeted by a phishing campaign that informed employees via email about the start of a non-existent fitness membership subscription, which would automatically charge their payment cards. When recipients contacted the sender to cancel the subscription, they were socially engineered into downloading remote support software, allowing attackers to exfiltrate files and demand a ransom. Specifically, some of the recipients responded to these prompts either by email or by phone to indicate that they did not order such a subscription. From there, recipients were socially engineered to download a Zoho Assist. Once access was granted, actors exfiltrated files and then demanded a financial ransom to avoid data publication.

This attack illustrates how attackers can leverage socially engineered scenarios to manipulate individuals into granting access to their systems​​.

What to do to evade such incidents?

  1. Exercise Caution with Unsolicited Messages: Remember to be wary of any unsolicited emails or WhatsApp messages or SMS messages, especially those that prompt for urgent action, such as clicking on links or providing personal information.

  2. Verify Sender Identity: Always take extra steps to verify the identity of the sender if a message seems suspicious, even if it appears to come from a known contact. This can include contacting the sender directly through a different communication method to confirm the message's authenticity.

  3. Look for Red Flags: Try to spot red flags in messages, such as poor spelling and grammar, generic greetings (e.g., "Dear User"), and URLs that do not match the legitimate website's domain name when hovered over with the mouse cursor. Try to figure the link out without clicking on it.

  4. Keep Software Updated: Always keep your operating system, antivirus software, and applications updated to protect against the latest security threats.

  5. Enable Two-Factor Authentication (2FA): Always use two-factor authentication for an additional layer of security on any web app that you work on.