The attackers enticed victims with the promise of a free beauty sample pack in exchange for completing a customer satisfaction survey. Once redirected to the hijacked government domain, users were prompted to surrender sensitive personal information, including names, home addresses, and payment card details under the pretext of paying a nominal delivery fee. By utilizing a legitimate government URL, the criminals successfully evaded security protocols that typically flag suspicious retail websites.
To distribute the campaign, the perpetrators compromised the server of an unsuspecting small UK business. They deployed commercial bulk mailing software to automate the dispatch of millions of emails before the Huntress security team intervened to shut down the infrastructure. Huntress has since alerted Bolivia’s national cybersecurity authority regarding the breach of their cultural institute’s web portal.
Comments (0)
No comments yet. Be the first!