The overlooked pandemic: Brazilian phishing attacks and how to handle them
The Covid-19 pandemic has given rise to a global economic shutdown, causing many governments, including the Brazilian government, to look for solutions to minimize the impact of the virus on the population. One of the measures that have been used in many countries, such as the U.S., is the use of economic stimulus checks that are being distributed by government officials.
In Brazil, such action is also being adopted and many Brazilians are depending highly on this financial assistance. Nevertheless, what was expected to help the Brazilian people also turned into an unexpected problem, resulting in reportedly more than 6.7 million benefactors being affected.
The program, known as ‘Bolsa Familia’, a social welfare program for the low-income segment of the population, provides financial aid to Brazilian families. In order to address the crisis, it made available a stimulus package to help qualifying Brazilians through the pandemic.
However, while attempting to take the steps to collect this sum of money, many benefactors unexpectedly received fraudulent links via popularly used messenger and social media apps and web pages. Such fraudulent links directed them to fake websites purporting to be affiliated with this program that requested sensitive information enabling criminals to access victims’ accounts and defraud them with illicit transactions.
Known as phishing, this practice is not new and has been an overlooked pandemic, having already affected millions of people in Brazil and worldwide, especially in times where most of us are staying home more than ever.
Phishing can be defined as a form of internet fraud that aims to steal personal information over the web. This includes but is not limited to; user IDs, passwords, credit card numbers as well as social security numbers. Among other possibilities, data stolen through interactive phishing can be commercialized in underground forums and sold amongst phishing cybercriminals.
Phishing is one of the oldest threats on the internet. Although this social engineering trick has been around for more than 25 years, phishing attacks are still on the rise and continue to be a real risk, both to individuals who need financial support from the government, and also to companies and Internet users in general.
As a matter of fact, banks and other financial institutions are among the most popular subjects targeted by phishing attacks in Brazil as well in many other countries.
According to IBM X-Force data, criminals used phishing as an entry point for at least one-third of all tracked attacks, being one of the most used methods of scams. IBM’s report also shows that phishing is also evolving; making attacks more difficult to identify and avoid.
Pursuant to a report by APWG (an Anti-Phishing working group) in 2019, the number of phishing incidents in Brazil increased by 232%. Just by email phishing alone, phishers have requested over $600,000 dollars from Internet users via wire transfer link scams.
In this chaotic scenario, it is important to highlight that one of the most popular ways for phishers to collect internet user’s information is through fraudulent domain names. These domain names are used to stage phishing webpages, perform email scams as well as distribute malware, significantly damaging brand reputation and consumer trust.
Surprisingly, around 16% of all domain name disputes recorded by the World Intellectual Property Organization (‘WIPO’) in 2019 exposed the misuse of domain names through phishing. In Brazil, considering the last 5 years, approximately 15,8% of all domain name cases recorded by the ABPI's Dispute Resolution Domain Name Chamber (CASD-ND) are also related to phishing activities.
Among other methods, typosquatting continues to be one of the attackers’ favorites. It occurs when phishers register a misspelled version of a domain name (usually composed by a well-known mark) for the purpose of attracting visitors who misspell the website name of the legitimate company when entering a web address. The user is then redirected to the fraudulent website which is often delineated to be an exact copy of the legitimate one.
Against such malicious attacks, preventative measures such as; human awareness, web proxies, protective registrations for similar-looking domain names, and site verification are all well-proven vaccines that can build up the immunity of organizations.
However, when such fraudulent domains are already active and redirecting consumers to fake websites, acting quickly could be the difference between a major or minor impact on a company.
There are several options to address ‘.br’ phishing domains and the best one is usually chosen on a case-by-case basis.
First, a company may act against this type of phishing scam by sending a formal letter to the Brazilian Network Information Center (NIC.br), a non-profit civil entity that has been assigned the administrative and operational functions relating to the ‘.br’ domain since 2005. Such letter needs to clearly show the ongoing fraud and may result in the cancelation of the domain.
A company could also send a cease and desist letter to the phisher requesting it to immediately stop using the domain name as well as to cancel it. Although such letters are usually not effective since their identity is hidden, this action could significantly strengthen a case if litigation becomes necessary.
Furthermore, the Saci-Adm - the administrative proceeding for the resolution of conflicts involving ‘.br’ domain names - has shown to be an effective tool to fight malicious online actors and cancel fraudulent domains, as it is cheaper and less time-consuming than traditional litigation. Under SACI, fraudulent domain names may be transferred or cancelled by a panel within two to three months of the filing.
Another effective way to handle infringers is to file a lawsuit, most typically in state court under the Brazilian Industrial Property Law. In those cases, preliminary and permanent injunctions are available and could be extremely useful, especially in scenarios where an active fraudulent domain name is redirecting internet users to an active fake website to collect sensitive information.
Regardless of the approach, during a time where Coronavirus has forced so many to work from home and, therefore, increased the risk of experiencing cyber-attacks, it is essential for companies to act quickly and proactively in order to protect Internet users. In the versatile and fast-changing online landscape, this will be the only way to escape or, at least, minimize the impacts of this overlooked pandemic.
Source: Lexology - https://www.lexology.com/library/detail.aspx?g=06020ff2-09ca-48cd-b3f9-45d8257c9297