THREAT LEVEL - HIGH

14-07-2023

Active PCI SSC Impersonation Phishing Campaign

Threat Level Description

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.

 

Description

We have observed that an active phishing campaign targeting PCI Security Standards Council (PCI SSC) affiliates, has been identified.

The phishing email message impersonates PCI Security Standards Council (PCI SSC) and tries to induce unsuspecting affiliates of PCI, including merchants, Community Meeting sponsors/exhibitors and others, purportedly on behalf of PCI SSC, seeking to elicit financial or other sensitive information and/or potentially sell unauthorized services.

The phishing campaign includes these IOCs:

  •  Emails requesting “Know Your Customer” (KYC) information, “Merchant Member Business
  •  Information”, or similar information.
  •  Emails requesting routing numbers, account numbers, or other sensitive or financial data.
  •  Email offers for event attendance lists, purporting to be from or associated with PCI SSC.
  •  Calls from individuals claiming to be PCI SSC representatives offering various services.
  •  Arranging hotel rooms for or providing information about the PCI Community Meetings.

It is important to not that PCI SSC will never send industry stakeholders unsolicited requests for routing, account, or similar financial numbers, data, or information.

 

CVE(s)

N/A

 

Affected Systems 

  • N/A

 

Recommendation(s)

To confirm information about PCI SSC Community Meetings and other PCI SSC events, all details are available on the Event page of the official website.
Questions about information received via email may be directed to [email protected].

The guidelines below will help you protect against malware and its associated security threats:

  • Do not open e-mail from unknown sources. Be suspicious of emails purporting to be from financial institution, government department, or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes, and similar information. Opening file attachments by clicking on web links in suspicious emails could expose your system to malicious code that could hijack your computer.
  • URL Filtering mechanisms should be in place.
  • Never respond to a suspicious email or click on any hyperlink embedded in a suspicious email. Call the purported source if you are unsure who sent an email.
  • If an email claiming to be from your financial organization seems suspicious, checking with your financial organization may be appropriate.
  • Consider enabling the “”Show hidden file-extensions””.
  • Filter executable files in email. If your email gateway has the ability to filter files by extension, you may wish to deny mails sent with “.exe”, “”.scr””, “”.bat”” files, or to deny mails sent with files that have two file extensions, the last one being executable.
  • Disable macros in Microsoft Office files. Most people may not be aware that Microsoft Office Files are like a file-system within a file system, which includes the ability to use a powerful scripting language to automate almost any action you could perform with a full executable file. By disabling macros in Office files, you deactivate the use of this scripting language.
  • Install anti-virus and spyware detection software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
  • Update your computers regularly with the latest versions and patches of both antivirus and antispyware software.
  • Ensure computers are patched regularly, particularly operating system and key application with security patches.
  • Back up your data. The single biggest thing that will defeat ransomware is having a regularly updated backup.
  • It is strongly recommended to implement a Security Awareness program, addressed to all your management and staff, designed to increase the level of understanding regarding Social Engineering and security threats in general.

Finally, in case that a system is compromised, it should be immediately removed from the network.

 

References 

 https://www.pcisecuritystandards.org

IthacaLabs Incident Response and Threat Intelligence Services

SIGN UP

Get the latest Threat Alerts in your inbox.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). By completing this form, you consent to the collection and processing of your personal data for the purpose of processing your inquiry. Your data will be handled securely and will not be shared with third parties without your explicit consent. You have the right to access, rectify, or delete your personal data at any time by contacting us at [email protected]. For more information on how we handle your data, please refer to our Privacy Notice