BACKGROUND
Due to the challenging pandemic situation in Brunei Darussalam where the population is advised to stay at home, cybercriminals are taking the opportunity to phish sensitive and confidential information by creating a fake website for well-known fast-food chains.
Example:
https:// bn-mcdelivery .ru
This website appears to be hosted in Russia, and offers meals at a very low price, with many menu items that are not available in Brunei outlets.
Modus Operandi
- User will first be asked for their location.
- After items are added into the cart and processed for checkout, user will be asked for personal information such as name, contact number and address.
- Payment is made by credit card, and thus credit card details are required.
IMPACT
- Links may direct the user to a phishing site, and in some cases embed malware on the user's device.
- Users are tricked into giving out their personal information which may be sold to other parties or lead to identity theft. It can also be used as a targeted list for future attacks.
- Payment card details may be sold to other cybercriminals or used to purchase from other websites.
RECOMMENDATIONS
- Check website URLs closely, and do not click on any suspicious links or attachments.
- If you find a suspicious website or online offer, contact the company directly to verify its legitimacy.
- Use antivirus software and set up automatic updates.
- Update your software regularly to minimize security risks.
- Apply appropriate patches and updates immediately.
- Perform regular file backups in a separate offline location.
- Consider blocking file attachments associated with malware such as .dll and .exe and .zip files which cannot be scanned by an antivirus program.
- Exercise good cyber hygiene and safe practices.