A sophisticated new phishing scam is spreading through Malta’s professional community by impersonating employees of companies that have already fallen victim to it.
Scammers are tricking users by contacting them from genuine, compromised e-mail accounts and even writing in the style of the person whose account they are using.
The chamber of SMEs has described the scam as concerning and said Malta’s business community needs to “up its game” when it comes to investing in cybersecurity.
Notary Nicolette Vella had been expecting one of her clients to send her some documents, so when she received an e-mail from them with a link to a Dropbox account supposedly containing exactly that, she clicked it.
But nothing happened and, at first, she thought nothing of it. Then the phone started to ring.
Within two hours, she had received hundreds of calls from companies telling her they had received an e-mail like the one she had received. But when one client forwarded her a screenshot of what they had been sent, she froze.
“It was written in my style,” she said, stressing the e-mail looked like any other she might send when forwarding documents to clients.
Describing the scam as “extremely intelligent,” Vella said scammers had even spammed the Malta Information Technology Agency (MITA) with around 9,000 e-mails in a single day, using an e-mail account they had created from her system – a move Vella says impacted her work.
She said she was temporarily blocked from online government systems such as eCourts and the public registry, calling the episode a “big hassle,” and was forced to fork out a “lot of money” to repair her systems.
Vella stressed that while the attack had been successful, no sensitive client information had been stolen and the incident had immediately been reported to the police’s cybercrime unit.
Fraudulent emails
One auditor who asked not to be named described a similar experience, telling Times of Malta he had been sent the e-mail containing the Dropbox link from a fellow auditor.
Like Vella, he received “a lot of calls” after his system was compromised, estimating the scam had impacted hundreds of clients. And as in her case, the scammers had also used the opportunity to flood a government agency – in his case the Malta Gaming Authority (MGA) – with e-mails from his company.
Times of Malta has been informed that in some cases, scammers have even inserted themselves into an existing e-mail thread, referencing conversation points to appear more genuine.
When contacted, Chamber of SMEs CEO Abigail Mamo confirmed the organisation was aware of the scam, which she said was evidence cyberattacks were becoming more sophisticated.
“We are quite concerned and have seen attacks increasing and becoming more and more refined,” she said.
“Hackers rely on human error and as they have refined their strategies, even well organised businesses and professionals have been reporting issues.”
Mamo stressed that with the rise in targeting of professionals – such as lawyers, notaries and auditors – the seriousness of attacks was also increasing as more sensitive data was at stake.
“We need to up our game; it’s not just a case of checking e-mail addresses and doing training anymore,” she said, urging businesses to invest more in cybersecurity.
Mamo said the chamber was aware of claims that scammers were replying to existing conversations to increase trust with intended victims, saying this was one reason such attacks were becoming “more sophisticated and more of a threat”.
Cybercrime, she added, had flourished with the rise in remote working during the COVID-19 pandemic.
Meanwhile, informed sources said government agencies were aware of the scam, saying such attacks had become “very sophisticated” but that it remained difficult to find out who was behind them.
Stressing that once a hacker gains access to someone’s mailbox they could use the information to “craft better phishing e-mails,” sources said even if a victim wasn’t being asked for money, attackers could still make money by selling access to their accounts and those of other subsequent victims further down the line.
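The point made throughout this article is that the lure arrives from a genuine mailbox, so the usual advice to check the sender address does not help: SPF and DKIM pass, and when the attacker replies inside an existing thread the message even carries the right conversation context. The short triage script below is an added example, not code from the article or from any of the organisations named in it; it shows what a practitioner can still check in that situation. The sample messages, header values, domain names and the list of file-sharing domains are constructed for illustration (the article only mentions Dropbox), and the hypothetical rule is: a file-sharing link, especially one appearing as a reply in an existing thread, from a sender whose mail authenticates cleanly, points to a compromised mailbox rather than a spoofed address, which changes the response (the sender's account, not your mail gateway, is the thing to lock down).

```python
"""Triage of a suspected account-compromise phishing e-mail (added example)."""
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumed lure domains: the article only mentions Dropbox; the rest is illustrative.
FILE_SHARE_DOMAINS = {"dropbox.com", "www.dropbox.com", "dl.dropboxusercontent.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample: a reply in a real thread, cleanly authenticated, carrying a
# file-share link. Names, domains and header values are made up for this example.
LURE = """From: Client Accounts <accounts@client.example>
To: Nicolette <notary@notary.example>
Subject: Re: Documents for the deed
In-Reply-To: <20240101.1@notary.example>
Authentication-Results: mx.notary.example; spf=pass smtp.mailfrom=client.example; dkim=pass header.d=client.example
Content-Type: text/plain; charset=utf-8

Hi, as discussed on the phone, the signed documents are here:
https://www.dropbox.com/s/abc123/documents.zip?dl=0
Regards
"""

# Constructed sample: the same sender and thread, but an ordinary reply with no link.
BENIGN = """From: Client Accounts <accounts@client.example>
To: Nicolette <notary@notary.example>
Subject: Re: Documents for the deed
In-Reply-To: <20240101.1@notary.example>
Authentication-Results: mx.notary.example; spf=pass smtp.mailfrom=client.example; dkim=pass header.d=client.example
Content-Type: text/plain; charset=utf-8

Hi, the signed documents are attached as a PDF. Regards
"""


def auth_passed(msg) -> bool:
    """SPF and DKIM both pass: the mail genuinely left the sender's own mail system."""
    ar = str(msg.get("Authentication-Results", "")).lower()
    return "spf=pass" in ar and "dkim=pass" in ar


def extract_urls(msg) -> list:
    """Pull http(s) URLs out of the preferred text body, trimming trailing punctuation."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return [u.rstrip(".,;)") for u in URL_RE.findall(text)]


def triage(raw: str) -> dict:
    """Classify one raw RFC 5322 message and explain why it was flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    urls = extract_urls(msg)
    share_links = [u for u in urls
                   if (urlparse(u).hostname or "").lower() in FILE_SHARE_DOMAINS]
    in_thread = msg.get("In-Reply-To") is not None
    authenticated = auth_passed(msg)

    findings = []
    if share_links:
        findings.append("file-share link in body")
    if share_links and in_thread:
        findings.append("link injected into an existing thread")
    # The decisive step: a flagged message that authenticates is not a spoof.
    if findings and authenticated:
        findings.append("sender authenticated: treat as compromised mailbox, not a spoof")
    elif findings:
        findings.append("sender not authenticated: treat as spoofed sender")

    return {
        "from": str(msg["From"]),
        "authenticated": authenticated,
        "in_thread": in_thread,
        "share_links": share_links,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(raw))
```

The script deliberately does not try to decide whether the Dropbox link is malicious; it only separates "spoofed sender" from "real sender, probably compromised", because the two cases call for different actions. In the second case the right move is the one the article's victims ended up taking after the fact: warn the account owner, have them reset credentials and revoke mail-client sessions, check the mailbox for rules that forward or hide mail, and report the compromise.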