Criminals are trying to access email inboxes of UKR.NET users – SCSS
The state computer emergency response team of Ukraine (CERT-UA) under the State Special Communications Service has warned of fraudulent activity targeting UKR.NET users, the press office of the State Special Communications Service reported.
The attackers are pretending to be UKR.NET support and sending emails with the subject line "Suspicious activity detected @UKR.NET" and a PDF attachment titled "Security Alert.pdf" (the sender's e-mail address is account.support.0@ukr.net).
The PDF document threatens the user that their mailbox may be blocked and asks them to confirm access to the account by clicking a link. The link leads to a fake website imitating the email service's web page. If the user signs in on the fake website, their login and password will be sent to the hackers, giving a third party unauthorized access to the e-mail inbox.
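A mail-triage check for the lure described above, as an added example that is not CERT-UA's or UKR.NET's own tooling. The function names and the sample message are constructed for illustration; only the subject line, attachment name and sender address come from the warning.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Indicators quoted in the CERT-UA warning (compared case-insensitively).
LURE_SUBJECT = "suspicious activity detected @ukr.net"
LURE_ATTACHMENT = "security alert.pdf"
LURE_SENDER = "account.support.0@ukr.net"

def _norm(value):
    """Decode RFC 2047 encoded words, collapse whitespace, lowercase."""
    if not value:
        return ""
    text = str(make_header(decode_header(value)))
    return re.sub(r"\s+", " ", text).strip().lower()

def lure_indicators(raw_message):
    """Return the sorted names of the indicators that the message matches."""
    msg = message_from_string(raw_message)
    hits = set()
    if LURE_SUBJECT in _norm(msg.get("Subject", "")):
        hits.add("subject")
    # From is attacker-controlled, so treat a match as a hint, not proof.
    if parseaddr(msg.get("From", ""))[1].lower() == LURE_SENDER:
        hits.add("sender")
    for part in msg.walk():  # covers every MIME part, including nested ones
        if _norm(part.get_filename()) == LURE_ATTACHMENT:
            hits.add("attachment")
    return sorted(hits)

# Constructed sample: Q-encoded subject and odd filename spacing/case.
SAMPLE = (
    "From: Support <account.support.0@ukr.net>\n"
    "To: user@example.com\n"
    "Subject: =?utf-8?q?Suspicious_activity_detected_=40UKR=2ENET?=\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nSee attachment.\n"
    "--b1\nContent-Type: application/pdf\n"
    'Content-Disposition: attachment; filename="Security  Alert.PDF"\n\n'
    "placeholder body (constructed)\n--b1--\n"
)

if __name__ == "__main__":
    print(lure_indicators(SAMPLE))
```

Normalizing before comparison matters because an encoded subject or a differently cased filename would slip past a plain string match on the raw headers.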
CERT-UA specialists have taken additional measures to analyze the network infrastructure that has been used to carry out similar cyberattacks since 2021 and discovered at least 118 related domain names registered by the company "Internet Domain Service BS Corp" (@internet.bs, Bahamas).
In order to minimize the likelihood of threats against Ukrainian citizens, these domain names have been added to the DNS RPZ zone covered by CERT-UA. They were also handed over to CSIRT-NBU specialists to be added to the DNS RPZ zone "fraud".
CERT-UA advises UKR.NET users to:
- not click on dubious links;
- set up multi-factor authentication;
- check which third-party devices / applications have access to the mailbox and take other precautions to step up security.
As a reminder, in early June 2023 the SCSS reported that hackers had been spying on Ukrainian media editors for about a year.