The Anga Com Conference is Europe’s leading business platform for Broadband, Television, and Online, based in Germany. However, in the latest phishing scam, crooks are exploiting the platform to steal personal data.
In a cunning display of cyber deception, hackers have devised an intricate phishing attack by leveraging the reputation of Germany’s renowned Anga Com conference. By sending spoofed emails and creating deceptive web pages, these hackers are deceiving unsuspecting users into divulging their login credentials.
Security researchers at Avanan, a subsidiary of Check Point Software, have uncovered the details of this sophisticated attack, shedding light on the techniques employed by crooks. Anga Com is a widely attended conference in the broadband and media distribution industry, drawing more than 22,000 participants from 470 companies globally.
Typically, conferences serve as a platform for companies to generate interest and revenue by sharing lead lists. However, hackers have exploited this process by inserting themselves into the lead delivery system. In this case, they have created fraudulent web pages on legitimate developer sites, making it challenging for victims to detect the scam.
The attack begins with an email that appears to originate from Anga Com, informing recipients that visitors expressed interest in their exhibition during the conference. The email entices users with the prospect of generating new business and urges them to click on a provided link to engage with potential clients. Upon inspection, the email address of the sender is found to be an Outlook address not associated with Anga Com.
Clicking on the link redirects users to a deceptive login page skillfully designed to mimic the legitimate Anga Com platform. Unbeknownst to victims, the URL of this page is angacom-de.surge.sh, whereas the genuine URL is angacom.de. The hackers have utilized Surge.sh, a legitimate web development service, to create a convincing replica of the Anga Com website. When users enter their email and password on this fraudulent page, their credentials are promptly stolen.
This attack combines several techniques, including impersonation, social engineering, and credential harvesting. The initial email preys upon the trust and interest associated with the Anga Com conference. Hackers capitalize on the conference’s popularity and the promise of new business opportunities to manipulate users into clicking malicious links.
Moreover, the creation of the look-alike webpage requires some level of expertise, although the availability of tools like Surge.sh facilitates this process for cyber criminals.
According to the company’s blog post, Avanan researchers promptly notified Surge.sh and Anga Com of the situation upon discovering this attack. By replacing the links in email bodies and attachments, security services can enhance their ability to detect and prevent attacks that hide malicious links.
To defend against such attacks, security professionals are advised to implement security measures that thoroughly examine all URLs and emulate the webpages behind them.
Furthermore, leveraging URL protection systems that recognize phishing techniques, such as those employed in this attack, can serve as valuable indicators of malicious activity. Educating users and employees to hover over URLs and exercise caution when clicking on links can also help mitigate the risk posed by sophisticated phishing campaigns.