[SCAM ALERT 050] – Jefferies Financial Group

undefined

Jefferies is a diversified financial services company engaged in investment banking and capital markets, asset management and direct investing. Jefferies Group offers a full range of investment banking, equities, fixed income, asset and wealth management products and services.

During our PreCrime internet scout of October 3rd 2022 we identified suspicious markers across multiple vectors.

The Attack

Target:

Jefferies Financial Group Inc.

Possible threats:

  • Phishing/smishing campaign – luring customers to the site by sending them a message impersonating the Jefferies Financial Group Inc. with a link redirecting to the legitimate website and links directing victims to malicious sites.
  • Credential harvesting and financial gain – After luring users to the malicious site they will be asked to expose their personal information (username, password, bank details).
  • Malware – by infecting a victims devices with malicious software to steal their sensitive information.
Legitimate domain that the malicious URL redirects to

Technical Breakdown

Threat Indicators

  • Malicious domain redirecting to the official website of Jefferies Financial Group Inc.
  • WhoIs records of the malicious domain are different to the original Jefferies Financial Group Inc. domain
  • Newly registered domain – October 1 2022
  • SSL certificate expires after three months
  • MX record indicates domain may be part of a phishing campaign

Detection and Threat Analysis

The malicious domain, jefferies-group[.]com has been targeting Jefferies Financial Group Inc., an American financial services company listed on the Fortune 1000. The malicious domain was created October 1, 2022 and detected by bfore.ai October 3, 2022.

  • The malicious URL redirects the user to the legitimate website of Jefferies Financial Group Inc. Threat actors could be doing this to seem more legitimate and entice victims to follow other links they provide which appear to be pointing to the same legitimate website/brand, but instead redirect to their own malicious website. Threat actors could be doing this through some of the subdomains under jefferies-group[.]com they have created as well (all listed below). Alternatively, threat actors may be attempting to redirect some of the URLs on the legitimate website to their own malicious domains.
  • The DNS records as shown below are different to the legitimate URL. The registrar, country, certificate duration and issuer, MX records and IP address all differ from the legitimate Jefferies Financial Group Inc.
  • The registered SSL certificate expires after three months and is issued by a non-trusted certificate issuer (Let’s Encrypt), indicating malicious intent.
  • The domain has registered MX records, giving the threat actors the ability to accept and send email messages on behalf of the domain names. It indicates that the threat actors may be setting up the domain to be part of a phishing campaign that leads to the malicious domains.

WhoIs Record

jefferies-group[.]com Subdomains

How Bfore.Ai is protecting our customers

At Bfore.Ai, we work daily to ensure these phishing attacks get stopped before even reaching their targets. We are here to make your internet journey safer than it has ever been.

With more than 30K new malicious indicators per day we got you covered no matter where the attack comes from. Only 0.05% false positive rate, stop wasting time in false alerts chasing. By launching our PreCrime and PreEmpt technologies, we measure our anticipation from an attack starting, faster than attackers.

Accepting that the only defense is good detection, is accepting to be forever a victim. We believe in prevention more than response. Visit our website for more information !

Bfore.Ai’s recommendations

Every day, adversarial tactics become more collaborative, technologically advanced, and rapid – and at this rate, you simply can’t afford to wait for the next attack before you react. Here are some recommendations from our team :

  • Pay close attention to the URL
  • Check connection security indicators (the lock)
  • Read emails carefully
  • Look for trust seals

Appendix

This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses be exploited to compromise data.

Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Bfore.Ai) is ultimately responsible for assessing and meeting Client’s own compliance responsibilities. This report does not constitute a guarantee or assurance of Client’s compliance with any law, regulation or standard.