Threat Alert: FAKE HELP DESK TOAD ATTACKS

• Unattributed threat actors distributed a wide swathe of Japanese-language messages regarding fake security concerns or issues.
• Messages include the translated subject line: “We have detected unusual activity on your account, or we have determined that your credentials may have been compromised.”
• Threat actors regularly tailor and engineer lures relating to false security issues to entice users into engaging with them.

How is it used in the wild?

• These messages claimed to identify unusual user activity or compromised account credentials. They ultimately direct unwitting users to an actor-controlled landing page.
• The actor-controlled landing page presents a fake Microsoft Windows security alert, including a phone number for users to call to purportedly remediate the security concern.
• Once engaged, threat actors are likely to attempt to elicit personal or sensitive information from users, including account credentials or payment information, or even gain remote access to a user’s device.
  

Key Action: Stay Alert!

• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to open a link, call a number, or provide credentials. If you notice a subtle change or inconsistency within a message, don’t ignore it—report it.
• Be aware of potential lookalike web pages. Always look for signs of potential web page impersonation. Be sure to check the URL carefully. Some impostor sites use URLs that very closely resemble the legitimate URL.
• Always verify unexpected phone numbers through a different means of communication. Seek external sources to verify that numbers are legitimate.
• Report ANY suspicious emails via Phish Alarm.