cofense.com
141.193.213.20

URL: https://cofense.com/blog/double-trouble-unmasking-the-epos-net-phishing-scheme-that-turns-trust-against-you/
Submission: On April 19 via api from TR — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

DOUBLE TROUBLE: UNMASKING THE EPOS NET PHISHING SCHEME THAT TURNS TRUST AGAINST
YOU

 * April 18, 2023

Found in Environments Protected By:  Microsoft, Fortimail  

By Kurtis Nicks, Cofense Phishing Defense Center   

Phishing attacks continue to evolve, with threat actors becoming increasingly
clever in their attempts to deceive their targets. The Cofense Phishing Defense
Center (PDC) has recently observed a sophisticated phishing campaign targeting
customers of EPOS Net, a large Japanese credit card company. The campaign is
notable for its meticulously crafted emails and cloned website, as well as its
use of official customer service numbers to establish an illusion of
legitimacy. 

In the past, we have observed similar schemes employing social engineering
techniques and exploiting popular platforms to establish trust. This particular
phishing campaign stands out for the lengths to which the attackers have gone to
create a sense of urgency and authenticity. 



Figure 1: Email Body

The phishing email begins by thanking the receiver for their continued patronage
of EPOS cards and mentions that EPOS Net monitors card usage to prevent
unauthorized use. This seemingly benign introduction helps establish an air of
legitimacy. The email then takes a more urgent tone, claiming that the
receiver’s credit card might have been used fraudulently and urging them to
check the details via a provided link.

The threat actors have gone to great lengths to make the email appear
legitimate. They have spoofed the “from” address to resemble an official EPOS
Net email, and the layout of the email mimics that of a genuine communication
from the company. The email’s intention is to create a sense of urgency and
fear, motivating the victim to click the link and provide their sensitive
information.



Figure 2: Phishing Page 

Upon clicking the link provided in the email, recipients are directed to an
exact replica of the official EPOS Net website. The threat actor has cloned the
website to capture banking information from users. The phishing site requests
the user’s username and password and then leads them to a second page that asks
for their EPOS card details, including the card number, date of expiry, security
code, and the telephone number used when applying for the card.



Figure 3: Phishing Page (Post login) 

The attackers cleverly establish trust by including the official EPOS customer
centre numbers at the bottom of the page. While some phishing schemes use fake
numbers and call centres to assist in the deception, this campaign employs the
actual customer service numbers. If victims were to call these numbers, they
would quickly realize the scam.



Figure 4: One-time Password page 

The threat actor continues to build on this false sense of security by asking
for a one-time password after the recipient enters their credit card
information. Threat actors could use a script that attempts to log in with
the information provided, prompting EPOS to send a
legitimate SMS code to the victim’s mobile phone. Once the one-time password is
entered on the phishing site, the victim is redirected to the official EPOS
login page, further reinforcing the illusion of legitimacy.

In conclusion, this phishing campaign highlights the evolving tactics of threat
actors and the importance of remaining vigilant when dealing with emails
requesting sensitive information. Always verify the authenticity of emails and
websites, and never provide personal or financial information without being
certain of the recipient’s legitimacy. This campaign illustrates how automated
systems – such as those identified at the top of this article – fail to
outperform humans, and the network effect of people as sensors, spotting and
reporting suspicious email. With Cofense Managed Phishing and Defense, provided
through our Phishing Defense Center (PDC), enterprises benefit from our complete
view of real phishing threats.

Indicators of Compromise                       IP
hXXps://eposcp-net[.]3utilities[.]com          216.144.226.73
hXXp://ww16[.]eipos[.]caneo[.]info/            64.190.63.136



*Figure 1 English Translation

