Like France, phishing by e-mail has been favored by hackers. They used spearphishing and identity theft to collect hundreds of thousands of accounts from employees of companies in the hospitality sector, but also from a large accounting firm.
Among the methods used to achieve their ends, hackers used spearphishing, an advanced form of phishing that targets specific individuals or organizations. Unlike general phishing, which distributes fraudulent messages on a large scale, spearphishing involves carefully personalized attacks, which have been designed to deceive a particular victim. Cybercriminals conduct extensive research on their targets to make their fraud attempts more convincing, often by posing as a trusted Source that the victim knows.
Attackers use collected information, such as the victim’s personal and professional details, to create credible spearphishing messages that may include links to malicious websites or malware-infected attachments. The aim is to trick the victim into revealing sensitive information, such as login credentials or financial data, or installing malware that can compromise the security of computer systems.
In total, between 2016 and 2021, Alireza Shafie Nasab, Reza Kazemifar, Hossein Harooni and Komeil Baradaran Salmani, the four Iranian hackers, hacked more than 220,000 employee accounts, all through several campaigns.
