Targeted attacks on GCC org and their customers via Social Media Accounts and Cousin Domains

An attack technique that has been in use elsewhere for some years is now being used against GCC organizations.

Attack Description:

Over the last few weeks we have witnessed multiple attacks in which the attacker used either a "Cousin" (look-alike) domain set up for spear-phishing email communication, or an impersonated social media account, seemingly dormant with no or very low activity, for direct communication with the target victim.

Attack Objective:

The attacks are mostly highly targeted at staff members, with the objective of compromising their various credentials, including official email and social media accounts as well as public email and social media accounts.

Mitigation Recommendations:

- Regularly check look-alike (cousin) variants of your domains for an MX (Mail Exchange) record; a look-alike domain that publishes an MX record has been set up to send or receive mail

- Any suspicious domain should be added to the organization's email firewall blacklist

 * to block inbound emails coming from such domains

 * to block any email whose body contains a URL of that domain

- Monitor all social media platforms for impersonated accounts, even those that appear dormant, and have them taken down
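The first two recommendations can be automated. The script below is an added example, not part of this advisory: it generates cousin-domain candidates for an organization's domain (character omission, doubling, transposition, homoglyph substitution, hyphen insertion and TLD swap), keeps only the candidates that publish an MX record, and then checks mail gateway log lines for senders or body URLs on that watchlist, which is the list you would feed to the email firewall blacklist. The domain examplecorp.com, the log lines, the MX results and the homoglyph/TLD tables are all constructed for the example; the MX lookup is injected as a function so the script runs offline, and mx_lookup_dns shows how to swap in a real resolver (assumes the dnspython package is installed).

```python
import re
from typing import Callable, Iterable, List, Optional, Set, Tuple

# Constructed substitution table: characters that read alike in many fonts.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}
# Constructed list of TLDs an impersonator might swap in; extend for your region.
ALT_TLDS = ["com", "net", "org", "co", "info"]


def cousin_candidates(domain: str) -> Set[str]:
    """Return look-alike variants of `domain`: label typos, homoglyphs, hyphenation, TLD swaps."""
    label, _, tld = domain.lower().rpartition(".")
    out: Set[str] = set()
    for i in range(len(label)):
        if len(label) > 1:
            out.add(f"{label[:i]}{label[i + 1:]}.{tld}")                          # omitted character
        out.add(f"{label[:i]}{label[i]}{label[i:]}.{tld}")                        # doubled character
        if i < len(label) - 1:
            out.add(f"{label[:i]}{label[i + 1]}{label[i]}{label[i + 2:]}.{tld}")  # transposed pair
        if label[i] in HOMOGLYPHS:
            out.add(f"{label[:i]}{HOMOGLYPHS[label[i]]}{label[i + 1:]}.{tld}")    # homoglyph
        if i > 0:
            out.add(f"{label[:i]}-{label[i:]}.{tld}")                             # inserted hyphen
    for alt in ALT_TLDS:
        if alt != tld:
            out.add(f"{label}.{alt}")                                              # TLD swap
    out.discard(domain.lower())
    return out


def active_cousins(domain: str, mx_lookup: Callable[[str], List[str]]) -> Set[str]:
    """Keep only candidates that currently publish an MX record, i.e. are set up for mail."""
    return {d for d in cousin_candidates(domain) if mx_lookup(d)}


# Constructed MX answers so the example runs offline; only one cousin "exists".
FAKE_MX = {"examp1ecorp.com": ["mail.examp1ecorp.com"], "vendor.example": ["mx.vendor.example"]}


def mx_lookup_stub(domain: str) -> List[str]:
    return FAKE_MX.get(domain, [])


def mx_lookup_dns(domain: str) -> List[str]:
    """Real resolver for production use (not called in the offline run); needs dnspython."""
    import dns.resolver  # assumption: dnspython is installed
    try:
        return [str(r.exchange) for r in dns.resolver.resolve(domain, "MX")]
    except Exception:
        return []


SENDER_RE = re.compile(r"from=<[^@>]+@([^>\s]+)>")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def _matches(host: str, watchlist: Set[str]) -> Optional[str]:
    """Return the watchlist domain that `host` equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for d in watchlist:
        if host == d or host.endswith("." + d):
            return d
    return None


def flag_inbound(log_lines: Iterable[str], watchlist: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (matched_domain, reason, line) for lines whose sender or body URL hits the watchlist."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_lines:
        m = SENDER_RE.search(line)
        if m and (d := _matches(m.group(1), watchlist)):
            hits.append((d, "sender-domain", line))
            continue
        for host in URL_RE.findall(line):
            if d := _matches(host, watchlist):
                hits.append((d, "url-in-body", line))
                break
    return hits


# Constructed gateway log lines: one legitimate, one cousin sender, one clean URL, one cousin URL.
SAMPLE_LOG = [
    "from=<ceo@examplecorp.com> to=<staff@examplecorp.com> subject=Budget review",
    "from=<ceo@examp1ecorp.com> to=<staff@examplecorp.com> subject=Urgent wire transfer",
    "from=<news@vendor.example> to=<staff@examplecorp.com> body=Newsletter http://vendor.example/june",
    "from=<it@vendor.example> to=<staff@examplecorp.com> body=Reset at http://portal.examp1ecorp.com/login",
]

if __name__ == "__main__":
    watch = active_cousins("examplecorp.com", mx_lookup_stub)
    print("cousin domains with MX (blacklist candidates):", sorted(watch))
    for domain, reason, line in flag_inbound(SAMPLE_LOG, watch):
        print(f"[{reason}] {domain}: {line}")
```

Run the MX check on a schedule rather than once: a cousin domain is usually registered well before it publishes MX, so the watchlist changes over time. Matching on subdomains (portal.examp1ecorp.com) matters because phishing URLs are rarely placed at the bare cousin domain.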

Reference URLs

https://blog.malwarebytes.org/fraud-scam/2013/10/phishing-is-for-the-birds/

http://www.business2community.com/twitter/twitter-direct-message-phishing-scam-%E2%80%93-don%E2%80%99t-take-the-bait-072834

http://www.theregister.co.uk/2011/09/09/typo_squatting_email_harvesting_risk/

http://www.securityweek.com/what-are-criminals-doing-typos-domain-names

If you have any questions or comments, please email us.