{"id":1716,"date":"2019-05-16T16:26:33","date_gmt":"2019-05-16T21:26:33","guid":{"rendered":"http:\/\/www.webuildsolutions.com\/?p=1716"},"modified":"2019-08-29T11:00:44","modified_gmt":"2019-08-29T16:00:44","slug":"some-information-about-spear-phishing-targeted-phishing-attacks","status":"publish","type":"post","link":"https:\/\/www.webuildsolutions.com\/index.php\/2019\/05\/16\/some-information-about-spear-phishing-targeted-phishing-attacks\/","title":{"rendered":"Some Information about Spear Phishing (Targeted Phishing Attacks)"},"content":{"rendered":"<p>Most malware and phishing attacks\/traps are not specifically targeted.\u00a0 Scammers cast their net as wide as possible to catch the most fish.\u00a0 They portray themselves as the most common players in the industry (Microsoft, Apple, Symantec, DocuSign, etc) or like some of the most common service providers (FedEx, UPS, Netflix, etc).\u00a0 They play the numbers to give themselves the best odds of catching a victim.\u00a0 However, in that scenario, they don\u2019t know who or what they are going to catch.\u00a0 Generally they are going to get the smallest fish that are most vulnerable to attack.\u00a0 Larger fish are going to be more savvy and have better tools and policies at their disposal to look out for such scams.\u00a0 Catching a big fish requires a larger investment in time and more focus on detail.<\/p>\n<p>Targeted phishing attacks are generally referred to as \u201cspear phishing.\u201d\u00a0 The attackers pick their target specifically and pinpoint their attack to try for the bigger fish.\u00a0 They generally use similar methods of brand impersonation (possibly pretending to be suppliers or customers), but sometimes they impersonate other staff members or executives within the organization.\u00a0 They use urgency, intimidation and potential embarrassment to get the victims to act quickly without thinking more deeply about their actions or the consequences.\u00a0 They might pretend to be the victim\u2019s boss 
and make a request via email with a subject like \u201c\u2026I need you to transfer money to a new supplier ASAP!!&#8230;\u201d with a message that might read \u201c\u2026I need you to transfer money to a new supplier to get the pieces coming for a big project.\u00a0 Keep this quiet as the project is still under the radar.\u00a0 I trust you to take care of this as soon as possible\u2026\u201d and maybe even with a signature line like \u201cSent from my iPhone\u201d that explains why the message is short, why the voice reads differently than their normal correspondence and why their typical corporate signature is not included.\u00a0 A sudden request to transfer money might be too deep, so they may opt for something seemingly more benign. \u201c\u2026Use the corporate account to buy fifteen $100 Amazon gift cards for me to give out as bonuses.\u201d\u00a0 \u201cReply to this message with the gift card numbers as soon as you can so that I can start getting them processed.\u201d\u00a0 \u201cBetween you and me, one of these is for you.\u201d\u00a0 This time they are able to use the standard email signature you expect as they were able to glean it from other corporate correspondence they have found while researching your company as a target.\u00a0 Maybe they use the logo they just copied from your website.<\/p>\n<p>Another tactic is blackmail.\u00a0 This could come in the form of \u201cI have access to your account, your password is \u201cpassw0rd\u201d.\u201d (On a side note, if that is your password for anything, go change it now! =).\u00a0 When there is a large data breach the data is bought, sold and shared all over the dark web.\u00a0 If your email address and password for a large retailer were compromised, it\u2019s probably out there. 
Scammers will collect this information and use it to email you a password that was breached (and hopefully changed) many years ago.\u00a0 However, if you use the same password for multiple systems (again, if this applies to you, go change your passwords and make sure you don\u2019t use the same password for multiple logins), or if you aren\u2019t thinking and recall using the password they provided, you might be fooled into thinking they really do have your login credentials.\u00a0 One tactic we commonly see is to spoof the sender address to make it appear that it has been sent from the victim\u2019s own account.\u00a0 Then, by conveying a sense of urgency and maybe the potential for embarrassment, they convince you to follow their demands. \u201cI have your password.\u00a0 I logged into your account and got control of your computer\u2019s camera.\u201d How someone would think a password for their Target account would give someone access to the webcam in their computer is mind-boggling, but again, it\u2019s the lack of applying good logic here that is the trick. 
\u201cI have compromising pictures and videos of you from your computer\u2019s webcam.\u201d \u201cIf you don\u2019t send me two Bitcoins within 24 hours I am going to post the videos to the Internet and send links to everyone in your address book.\u201d\u00a0 Too embarrassed to tell anyone else what has happened (or has supposedly happened) and with the clock ticking, the victim pays the scammer.<\/p>\n<p>How did this get past all the edge defenses the company put in to protect the company from outside threats?\u00a0 First, the email messages described above contained no malicious payload.\u00a0 There was no attached virus or malware for the filters to flag.\u00a0 The messages come from a zero-day web link or email address (a web link or email address that was created very recently and had not previously been flagged as malicious).\u00a0 The email came from a trusted domain (like Gmail or Hotmail).\u00a0 The link points to a high reputation domain (like a major web host that sells hosting services) or maybe a new domain that hasn\u2019t been previously flagged. The message isn\u2019t sent to 500,000 addresses at once (as typical large scale phishing scams would be). 
Without these flags that the filters are on the lookout for, the message is allowed to make it to the victim\u2019s mailbox.<\/p>\n<p>What do they want?\u00a0 While access to corporate accounts is uncommon (unless you are targeting the head of the accounts payable department), there may be other valuables or valuable information that can be gained.\u00a0 Gift cards are an increasingly common request.\u00a0 As soon as the scammer has the card information it can be nearly as liquid as cash.\u00a0 Bitcoin (BTC) is a common request.\u00a0 Although it\u2019s tougher to acquire, it provides for an untraceable conduit to transfer money.\u00a0 The value may be in the form of information.\u00a0 Maybe it\u2019s a targeted attack at the human resources department requesting W2s or Social Security Numbers or other useful information.\u00a0 Maybe it\u2019s a request to change the direct deposit account for an employee\u2019s paychecks to an account controlled by the scammers.<\/p>\n<p>Are targeted phishing scams more common at certain times of the year?\u00a0 Along with the focus on individuals, scammers have opportune times of the year to strike as well.\u00a0 April 15 is well known as \u201cTax Day.\u201d\u00a0 An email on April 16 claiming to be from the IRS and saying they didn\u2019t receive your tax filing could be enough stress and urgency to get an otherwise savvy user to click on a link in a panic.\u00a0 Everyone is expecting packages around the holiday shopping season.\u00a0 A well-timed email claiming to be from a major retailer or shipping company saying there is a delay with or cancellation of your order may again cause panic to set in and unwise clicks to be made.<\/p>\n<p>How do you avoid falling victim to this type of targeted fraud?\u00a0 There are some things to look for that can prevent falling victim to a scam like this.\u00a0 The two most important things are to be aware that such scams exist and to take the time to look in more detail.<\/p>\n<p>Be leery of 
messages that convey urgency.\u00a0 They are designed to get you to act without thinking.<br \/>\n\u201c\u2026What?!? the package is delayed?!? That\u2019s probably the necklace I ordered for my wife for our anniversary tomorrow!!&#8230;\u201d<\/p>\n<p>Look for unusual email addresses (even to the point of a misspelling of the domain).<br \/>\n\u201c\u2026Wait, this isn\u2019t from shipping@fedex.com, it\u2019s from shipping@fedexx.co\u2026\u201d<\/p>\n<p>Look out for vague amounts of information that ask you to follow a link to get more details.<br \/>\n\u201c\u2026Wait, there isn\u2019t an order number or a tracking number\u2026 and didn\u2019t that ship from another carrier?\u201d<\/p>\n<p>Look for links that claim to point to one location, but, really point to another.<br \/>\n\u201c\u2026Wait, when I hover my mouse cursor over the \u201cFedEx Track Now\u201d link it points to some crazy page on a site I\u2019ve never heard of\u2026\u201d<\/p>\n<p>Look for other oddities in the message that don\u2019t add up.<br \/>\n\u201c\u2026Wait, the message subject says \u201cRE:\u201d as though it\u2019s a response to a message I sent, but, I didn\u2019t send a message to this sender with that subject\u2026\u201d<\/p>\n<p>Find other channels of communication to verify unusual requests.<br \/>\n\u201c\u2026Wait, why would Steve in Production want to change direct deposit information for another employee?\u00a0 Maybe I should call him to confirm what he wants\u2026\u201d<\/p>\n<p>This is a topic that has so many facets that it can\u2019t really be covered in a single article.\u00a0 Most of the information here references phishing email.\u00a0 Scams of this nature can occur over the phone, via FAX or via virtually any method of communication. 
\u00a0It is advisable to consider awareness training within your organization and maybe even discuss or consider phishing simulations and how to close loopholes in communication both intra-office and inter-office.\u00a0 Discuss how different kinds of information or requests will be made and how they can be independently corroborated.\u00a0 Encourage staff to report suspicious or unusual requests.\u00a0 Be aware, these types of targeted scams are occurring more and more every day. -Jayson<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most malware and phishing attacks\/traps are not specifically targeted.\u00a0 Scammers cast their net as wide as possible to catch the most fish.\u00a0 They portray themselves as the most common players in the industry (Microsoft, Apple, Symantec, DocuSign, etc) or like some of the most common service providers (FedEx, UPS, Netflix, etc).\u00a0 They play the numbers<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rs_blank_template":"","rs_page_bg_color":"","slide_template_v7":"","footnotes":""},"categories":[16,17],"tags":[],"class_list":["post-1716","post","type-post","status-publish","format-standard","hentry","category-it-security","category-networking-communications"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/1716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/comments?post=1716"}],"version-history":[{"count":0,"href":"https:\/\/www.webuildsol
utions.com\/index.php\/wp-json\/wp\/v2\/posts\/1716\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/media?parent=1716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/categories?post=1716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webuildsolutions.com\/index.php\/wp-json\/wp\/v2\/tags?post=1716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}