A tailored, or seemingly tailored, attack poses a large risk to any individual. These attacks are built on personal information the attacker knows about you and on commonalities shared between groups.
During the past week a friend has been subject to attacks based on relevant personal information the attacker has acquired. It started with a notification stating that the Android device needed updating.
The attacker knew exactly what device the individual was using and attempted to get them to click on the compromised link. The first attempt was clear and showed a high level of thought and detail; at a glance it does look real (if you ignore the URL).
However, this was only the beginning: as shown next, they sent two more notifications. The first was an image styled like an anti-virus alert, warning the user of a device tracker. The second was a Facebook notification link saying you have too many notifications and they will lock your phone. Both follow the same pattern of warning the user and rushing them into clicking the notification.
Following this, another four notifications were sent over two days. Android-like notifications appeared, with the Android branding used again but in different images. Alongside this, an image representing viruses alerted the user to spam, ironically while itself being part of the notification spamming. A fake Google account warning carried the same URL as all the other notifications, including the two above; they all have the same link.
As shown in these examples, the attacker clearly has a program set up that cycles through well-known and widely used platforms. It is rare for a user not to use Google or Facebook. It also shows that they knew what device the user is using.
The intricacy of this attack is interesting to examine. Unless you look at the URL of the notifications, the text and wording are very convincing; they show a level of detail intended to replicate legitimate notifications. They also let us see how the attack works: this is a planned route, with increasing frequency, to get in successfully. Glancing at your phone and seeing one of these notifications would make some individuals think they had a legitimate notification and click on the alert, compromising their device.
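The shared link is the detectable tell in this campaign. The following is an added example, not part of the original post: it flags any link host that shows up behind notifications claiming to be several different brands. The brand allow-list, the sample notifications and the host `push-spam.example` are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed allow-list of domains each brand legitimately links to (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "android": {"android.com", "google.com"},
    "google": {"google.com"},
    "facebook": {"facebook.com"},
}

# Constructed sample notifications; push-spam.example is a placeholder host.
SAMPLE = [
    {"title": "Android system update required", "url": "https://push-spam.example/u?id=1"},
    {"title": "Facebook: too many notifications, phone will be locked",
     "url": "https://push-spam.example/u?id=2"},
    {"title": "Google account warning", "url": "https://push-spam.example/u?id=3"},
    {"title": "Google: new sign-in on your account", "url": "https://accounts.google.com/signin"},
]

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def claimed_brands(title):
    """Brands whose name appears in the notification text."""
    text = title.lower()
    return {brand for brand in BRAND_DOMAINS if brand in text}

def is_brand_host(host, brand):
    """True only for the brand's domain or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])

def find_impersonating_hosts(notifications, min_brands=2):
    """Map each non-brand host to the brands it posed as, if at least min_brands."""
    seen = defaultdict(set)
    for n in notifications:
        host = host_of(n["url"])
        for brand in claimed_brands(n["title"]):
            if not is_brand_host(host, brand):
                seen[host].add(brand)
    return {h: sorted(b) for h, b in seen.items() if len(b) >= min_brands}

if __name__ == "__main__":
    for host, brands in find_impersonating_hosts(SAMPLE).items():
        print(f"{host} impersonates: {', '.join(brands)}")
```

The suffix check requires a leading dot, so a host such as `google.com.push-spam.example` is not mistaken for a Google domain.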