TT-CSIRT – 431.02.08.24. Phishing campaign targets Ministries, Divisions and Agencies

TT-CSIRT – 431.02.08.24. Phishing campaign targets Ministries, Divisions and Agencies

The TTCSIRT has received reports from multiple Ministries, Divisions and Agencies of the occurrence of the following phishing campaign. Phishing emails are being received from the “virginmedia[.]com” domain and are impersonating the head of the respective MDA. The phishing email is targeting both personal and corporate email accounts. The emails try to coerce the victim into purchasing gift cards under the guise of rewarding employees.

Sample Phishing Message:

  1. “Good Morning [Employee Name]. Are you free at the moment?”
  2. “How are you doing? I have chosen some of the workers to receive gifts for their hard work and diligence to the organization, I’ll be needing your assistance. I don’t know your plan for today, so let me know if you’re able to assist me with this Assignment. Your confidentiality will be highly appreciated.”
  3. “Great! Here’s what I want you to do for me because I’m having a busy day and I believe I can trust you to keep this as a surprise. I have been working on incentives and I aimed at surprising some of the employees with gifts this week. This should be Confidential until they all have the gift cards as it’s a surprise. I would need you to make a purchase on my behalf. Quickly can you locate a store (iWorld store or any other store nearby) what store do you think we have around to make this purchase? I am considering Visa cards or other gift cards (Visa cards, Apple gift card) since they can be gotten almost anywhere.”

Recommendations:

ICT Departments are advised to sensitize and educate employees on how to identify and report these phishing emails. To protect against phishing, always verify the source of unexpected messages, avoid clicking on suspicious links, and use security tools like email filters and antivirus software.

ICT Departments are also advised to filter emails from the above mentioned domain.

If you have any queries, comments or require assistance, please feel free to contact the TT-CSIRT via contacts@ttcsirt.gov.tt