"For a long time cybercriminals believed that the money was within the masses," says Crane Hassold, senior director of threat research at the email security firm Agari and former digital behavior analyst for the Federal Bureau of Investigation.
This month, it's a bogus Apple App Store email that convinces its victims to cough up all kinds of personal information. First reported by Bleeping Computer, the phishing campaign doesn't contain any especially novel elements, but it executes the basics well enough that it's easy to be fooled.
"They're able to bypass email filters more effectively, since there are no malicious links in the email itself." (Crane Hassold, Agari)
If you do so, a prompt tells you that your account has been locked for security reasons, and offers an Unlock Account button.
And if you throw the Marriott data into the mix, which included passport numbers like the OPM trove, the espionage effort seems even more comprehensive. "If I were a foreign intelligence service and wanted to get a complete picture about a specific group of people, these are exactly the targets I would select," says Crane Hassold, senior director of threat research at the phishing defense firm Agari, who previously worked as a digital behavior analyst for the FBI.