Beware: Hackers targeting email service providers
MANILA, Philippines —Hackers are now infiltrating email service providers (ESPs) to access client mailing lists of small and medium enterprises, which are then used for massive-scale phishing attacks targeting the customers, according to cybersecurity firm Kaspersky.
In a statement on Wednesday, Kaspersky said these cybercriminals are sending emails that appear to be authentic to trick recipients into providing personal information.
ESP is a service enabling companies to send out email marketing campaigns to subscribers who agreed to be included in the mailing lists.
Kaspersky noted these hackers also pretend to be an ESP to seem legitimate and earn the trust of customers.
“Using a reliable email service provider is important when it comes to your business’ reputation and safety. However, some sneaky scammers learned how to mimic reliable services—so it is crucial to check the emails that you receive properly, and, for better protection, install a reliable cybersecurity solution,” Kaspersky security expert Roman Dedenok said.
READ: PH cyberdefenses building up; attacks down in 2023
Article continues after this advertisementA recent survey commissioned by cybersecurity firm Fortinet and conducted by International Data Corp. revealed that phishing was among the top cyberthreats in the country, with over 50 percent of the respondents flagging it.
Article continues after this advertisementPhishing
Among the common phishing schemes are text scams, which contain suspicious links leading to fake websites where unsuspecting victims will be asked to input personal data.
In response to the proliferation of text scams, the government has mandated SIM (subscriber identity module) card registration. This effectively removes anonymity of the users, which is being leveraged by the hackers when launching attacks.
READ: PH among top phishing email targets in Southeast Asia
The telecommunication companies are also actively blocking text messages found to be linked to fraudulent activities.
However, hackers continue to find new ways to launch their digital attacks. Cybersecurity experts have warned against bad actors making their way into users’ phones through online messaging applications, which can elude detection from the telco players.
Telco players and cybersecurity companies have reminded the public to just ignore these spams to protect themselves from accidentally giving out sensitive information. INQ