News
Szymon Krawczyk, Senior Detection and Response Analyst @ Expel on the Met Police’s bust global cyber gang accused of industrial-scale fraud
April 2024 by Szymon Krawczyk, Senior Detection and Response Analyst at Expel
This morning the news is discussing how the police have taken down a gang accused of using a technology service that helped criminals use fraudulent text messages to steal from victims.
The technology allowed scammers without technical skills to bombard victims with messages designed to trick them into making payments online. Police targeted the gang’s site, LabHost, which helped criminals send the messages and direct victims to fake websites appearing to be legitimate online payment or shopping services.The commentary from Szymon Krawczyk, Senior Detection and Response Analyst at Expel regarding the incident.
"Phishing incidents have become a looming issue with technological advancements, enabling cyber gangs to evolve their tactics and operate as complex businesses. The Metropolitan Police’s crackdown on industrial cybergang LabHost represents a great win for law enforcement bodies globally. It displays an increased concern about the cyber readiness of not only organizations but also individuals.
Globally, our SOC team has noticed cybercriminals investing and adopting AI to help generate communications with the victims - adding a sense of legitimacy to their malicious emails/text messages. It is imperative to remember that most of these threat actors pose as credential harvesters, leveraging an initial URL and redirecting the victim to a fake login portal where they input their sensitive information. Legitimate services are frequently employed in phishing attempts.
To avoid falling victim to phishing attacks, self-education regarding the tactics of these threat actors is mandatory. Conducting a swift provisional risk assessment before completing any forms or responding to threat actors can provide a substantive difference in outcome and prevent these attackers from acquiring your data. It is critical to execute measures such as double-checking the email address a shipping/delivery notice came from, checking email addresses for errors and trusting your gut (not clicking links you may suspect are suspicious) could prevent you from succumbing to these cybergangs."
