According to Sygnia, the email claims that the recipient has purchased a premium subscription to Duolingo or Masterclass and urges them to contact “customer service” in order to cancel the payment.
Israeli cybersecurity company Sygnia identified a phishing attack disguised as an email from Duolingo and Masterclass.
The company traced the attack to a hacking group called Luna Moth.
According to Sygnia, the email claims that the recipient has purchased a premium subscription to Duolingo or Masterclass and urges them to contact “customer service” in order to cancel the payment. When the user gets on a video call with a “representative,” multiple tools are covertly installed on their computer, granting hackers access to the data of employees or organizations.
Sygnia said that it has assisted numerous companies that have been targeted by phishing attacks in which sensitive data were stolen.
Sygnia researchers Noam Lifshitz, Oren Biderman and Tomer Lahiani said that companies can be exposed to cyber attacks when employees open emails that seem legitimate. Hackers subsequently steal data and demand ransom from organizations.
How vulnerable were the recipients?
In order to enable employees to work remotely, companies often install VPNs onto their computers, giving them a private connection to a company’s network. This can be exploited by hackers to gain access to sensitive information, such as company assets, materials and documents.
Synia emphasized that in order to avoid falling for a phishing scam, if users receive an invoice for an expense they do not recognize, they should check their expenses or contact their credit card company. The company stressed that users should not risk exposing their computer to malign actors.