Beware of phishing attacks targeting local users

Over the last few weeks, the Monaco Cyber Security Agency (AMSN) has noted a new upsurge in phishing attacks targeting email accounts from the operator Monaco Telecom. 

The email addresses being targeted are accounts ending:

• @monaco.mc
• @libello.mc

The hackers’ attacks comprise several steps:

1. First, the hackers dupe their victims using messages, some more persuasive than others, that encourage the recipients to complete fake forms so that the hackers can steal their login details
2. They then use the stolen details to log into the victims’ email accounts fraudulently
3. Then, they set up rules which automatically redirect emails received by the users to an external account
4. Finally, they use the compromised accounts to send further phishing emails, thus expanding their attack to obtain access to other accounts

Using this approach, the hackers are able to quickly take control of many email accounts. Access to these accounts also allows them to look at the saved messages, increasing the risk of sensitive information being leaked.

• We recommend that users exercise additional caution when receiving links via email from senders that they do not recognise
• Users should also check the web addresses (URLs) displayed in their browser to ensure that they include legitimate domain names without any spelling errors
• Check any part of the webpage or legal notice that does not look right
• Never share your password with third parties