Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices
Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices
According to KrebsOnSecurity, professional phishing gangs are aiming to affect stock values by targeting brokerage firm customers. To make money off the operation, the attackers employ a strategy known as “ramp and dump.”
Krebs writes, “The scammers do not have to rely on generating interest in the targeted stock on social media when using ramp and dump.” Instead, they will invest in the stock they want to inflate, buying big quantities of it via stolen accounts and then selling the shares once the price hits a certain level.
According to Krebs, the phishing lures impersonate one of the main brokerage platforms and are distributed using Google’s RCS service and Apple’s iMessage. They inform the receivers that their account have been terminated due to suspicious activity and advise them to log in and confirm certain details. The emails contain a link to a phishing website that requests the user’s username and password before requesting a one-time code that will be sent to them via SMS.
Although the sophisticated phishing kits may be readily modified to target other brokerages, China-based criminal organizations are utilizing them to target Schwab clients, Ford Merrill, a security researcher at SecAlliance, told Krebs. The kits are notable for their ability to get around multifactor authentication.
Merrill said Krebs, “They will use all these victim brokerage accounts, and if necessary, they will liquidate the account’s current positions, and they will preposition themselves in that instrument in some account they control, and then they will sell everything when the price goes up. The brokerage might not be pleased either, and the victim will be left with worthless shares of that equity in their account.”
World-Class Phishing Simulation Services by Craw Security
Here, your employees are empowered to make more informed security decisions on a daily basis by Craw Security, a well-known VAPT Solutions Provider Organization in India. Craw Security‘s Phishing Simulation Services are trusted by more than 70,000 enterprises globally to improve their security culture and lower human risk.
Craw Security is the sister vertical of News4Hackers, which is widely viewed as one of the leading VAPT Solutions Providers in India that delivers authentic VAPT Services under the prime influence of world-class penetration testing professionals having more than 10 years of quality work experience. To know more about the prime VAPT Solutions offered by the high-end penetration testers of Craw Security, you can give them a call at their hotline mobile number, +91-9513805401, and have a word with their superb penetration testers for the best price and other crucial details.
No Cost Phish Templates
Do your users know what to do if they get a phishing email? We have the greatest collection of templates that replicate real-world goods and services, such as Microsoft, Amazon, Gemini, Google, Outlook, and many more, because we provide extremely skilled Phishing Simulation Services.
Advantages of Using Craw Security’s Phishing Simulation Services:
Here’s how it works:
| Authenticity That Mirrors Real Threats | With the help of templates designed to look and feel like real emails from banks, social media platforms, cloud services, human resources departments, and well-known businesses, employees can spot real phishing attempts. |
| Diverse Attack Scenarios | Ensures that workers are prepared for a variety of attack approaches by covering a wide range of phishing tactics, such as spear-phishing, password resets, job offers, fraudulent invoice fraud, and credential harvesting. |
| Adaptive Difficulty Levels | For both inexperienced and seasoned users, training may be tailored to include anything from overt phishing attempts to incredibly intricate and nuanced lures. |
| Industry-Relevant Templates | Simulations are made more realistic and practical by modifying templates to reflect risks specific to a certain industry (such as government, healthcare, education, or financial services). |
| Regularly Updated Library | New phishing templates are frequently added to the simulations to represent new trends and evolving cybercriminal tactics, keeping them up to date with today’s threat landscape. |
| Localization and Personalization | Multilingual and region-specific templates mimic local frauds, while dynamic fields allow customizable information (names, responsibilities, or internal departments) to add credibility. |
| Measurable Employee Response | In order to track the growth of awareness over time, different template categories can be used to track click-through rates, credential submissions, and reporting rates. |
[Get Your Phishing Simulation Services]
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
Read More:
DaVita Data Breach of 2.7M from Ransomware Attack
About Author
English