It's that time of year many fishermen look forward to: the waters have started to chill and the predators are out in force, looking for a juicy victim to chow down on as they fatten themselves up for the winter months ahead. In this blog, however, I want to talk about a different type of predator and a style of phishing that doesn't involve sharp teeth or a well-stocked supply of plasters.
2018 has continued to see a rise in cyber attacks, with phishing still among the most prevalent of them. Many industry pundits will tell you that being breached via a phishing email is now almost a certainty. Below we highlight four of the biggest scams running in 2018, so you know which types of activity to make your teams aware of.
World Cup of Scams
2018 was the year that England surprised themselves, Croatia reached their first ever final, and the scammers fielded their best 11. Playing on human weakness and a fear of missing out, attacks offered everything from cut-price accommodation and flight deals to Russia through to lottery prizes of tickets to the final. It is not just the World Cup that is targeted in this way: the upcoming holiday season and other popular events are often the scene of “Special Accommodation” offers, where the only thing you'll be accommodating is someone else's access to your business-critical data.
GDPR (General Data Passed-on Regrettably)
Clicking on the acceptance link, however, led the recipients to a page that asked them to submit their personal data including their financial details and account credentials.
Compromised MailChimp Accounts
In mid-January, security researchers discovered a phishing campaign in which attackers abused compromised MailChimp accounts to send out fake invoice notifications. The emails carried .ZIP archives concealing .js files that, when run, downloaded the GootKit information stealer.
At the time of discovery, security experts hypothesised that criminals were abusing weak, breached and/or reused credentials to hijack users' MailChimp accounts. They also reasoned that bad actors were targeting these accounts in particular because MailChimp is an established email marketing provider: mail sent through its infrastructure inherits the provider's good sender reputation, so it sails past spam filters that would have stopped the same attachment arriving from a throwaway domain. The lesson for defenders is that sender reputation on its own is a weak signal; the attachment and what is inside it have to be inspected regardless of who appears to have sent the message.
Who's been a naughty boy?
This year the threat actor tracked as TA505 ran a phishing campaign that sent out hundreds of thousands of emails. It became known as the Sextortion Scam: the email claimed to hold video evidence of the target using adult sites and threatened to release it unless a ransom was paid. The messages carried an unusual attachment: PDF files with embedded .SettingContent-ms files, XML documents that let Windows 10 create shortcuts to Settings pages. A security researcher showed that the DeepLink element of a .SettingContent-ms file is simply a command line that Windows runs when the file is opened, so an attacker can use it to execute arbitrary commands while sidestepping the protections Windows 10 and Office apply to better-known attachment types. The practical check is whether your email gateway and endpoint controls block the extension at all: until they do, the file type is a convenient way past filters tuned to .exe, .js and macro-enabled documents.
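The two attachment tricks described above, a script hidden inside a ZIP (the MailChimp campaign) and a .SettingContent-ms file whose DeepLink is a command line (the TA505 campaign), are both straightforward to catch at the mail gateway once you look inside the attachment instead of trusting the sender. The scanner below is an example added here, not code from the original post or from Webroot. The sample message, the ZIP and the .SettingContent-ms file it inspects are constructed for the demonstration (with a harmless calc.exe payload), and the PDF check is only a byte-level heuristic for the /EmbeddedFile keyword, because pulling the embedded file out of a PDF needs a proper PDF parser that is out of scope here.

```python
"""Gateway-style attachment scanner for the two patterns described above.
Added example; not code from the original post or from Webroot."""
import email
import io
import zipfile
import xml.etree.ElementTree as ET
from email.message import EmailMessage
from email.policy import default

# Script-like extensions that have no business inside an "invoice" ZIP.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
               ".ps1", ".cmd", ".bat", ".exe", ".scr", ".lnk")
SETTING_EXT = ".settingcontent-ms"
MAX_ENTRY_BYTES = 10 * 1024 * 1024   # refuse to inflate oversized archive entries
MAX_ZIP_DEPTH = 3                    # nested ZIPs are a common evasion


def deeplink_command(data: bytes):
    """Return the DeepLink command line from a .SettingContent-ms file, or None.
    Tag names are matched without their namespace because the real files put
    SearchableContent and its children in an xmlns-qualified namespace."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return None
    for node in root.iter():
        if node.tag.rsplit("}", 1)[-1] == "DeepLink":
            return (node.text or "").strip() or None
    return None


def inspect_file(name: str, data: bytes, findings: list, depth: int = 0) -> None:
    """Classify one file and recurse into ZIP archives; findings are
    (path, category, detail) tuples appended in the order they are found."""
    lower = name.lower()
    if lower.endswith(SETTING_EXT):
        findings.append((name, "settingcontent-ms", deeplink_command(data)))
    elif lower.endswith(SCRIPT_EXTS):
        findings.append((name, "script", None))
    elif lower.endswith(".pdf") and b"/EmbeddedFile" in data:
        # Heuristic only: flags PDFs that carry embedded files (how the
        # .SettingContent-ms payloads were delivered) without extracting them.
        findings.append((name, "pdf-embedded-file", None))
    if lower.endswith(".zip") and depth < MAX_ZIP_DEPTH:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.file_size > MAX_ENTRY_BYTES:
                        findings.append((f"{name}/{info.filename}", "oversized-entry", None))
                        continue
                    inspect_file(f"{name}/{info.filename}", zf.read(info), findings, depth + 1)
        except zipfile.BadZipFile:
            findings.append((name, "corrupt-zip", None))


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and inspect every attachment."""
    msg = email.message_from_bytes(raw, policy=default)
    findings: list = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        inspect_file(name, part.get_payload(decode=True) or b"", findings)
    return findings


def build_sample() -> bytes:
    """Constructed sample message (not a real campaign artefact): a ZIP hiding a
    .js file plus a .SettingContent-ms whose DeepLink launches calc.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2018.js", "var sh = new ActiveXObject('WScript.Shell');")
    setting = rb"""<?xml version="1.0" encoding="UTF-8"?>
<PCSettings>
  <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
    <ApplicationInformation>
      <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
      <DeepLink>%windir%\system32\cmd.exe /c calc.exe</DeepLink>
      <Icon>%windir%\system32\control.exe</Icon>
    </ApplicationInformation>
    <SettingInformation>
      <Description>@shell32.dll,-4161</Description>
      <Keywords>@shell32.dll,-4161</Keywords>
    </SettingInformation>
  </SearchableContent>
</PCSettings>"""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "finance@example.org"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice_2018.zip")
    msg.add_attachment(setting, maintype="application", subtype="octet-stream",
                       filename="Password_Reset.SettingContent-ms")
    return msg.as_bytes()


if __name__ == "__main__":
    for path, category, detail in scan_message(build_sample()):
        print(f"{category:20} {path}" + (f"  -> {detail}" if detail else ""))
```

Run against the constructed sample it reports the .js inside the ZIP and the .SettingContent-ms together with the exact command its DeepLink would launch, which is the detail an analyst wants in the alert. The depth and size caps matter in production: nested archives and oversized entries are how attackers exhaust or bypass naive scanners.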
The cyber threats faced by your business and users are getting ever more inventive, but that doesn't mean you can't take action. For instance, if you receive an email from an address you don't recognise, look the sender up in spam databases such as Spamhaus.org or DNSStuff.com, or check the sender's reputation with SenderScore.org or ReputationAuthority.org. Bear in mind that these checks only tell you about the sending infrastructure: the MailChimp campaign above came from a provider with a clean reputation, so a clean result is a reason to look harder at the attachment, not a reason to open it.
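Those reputation sites front DNS-based blocklists, and the same check can be scripted at the gateway: the sending IP is reversed, appended to the list's zone and resolved, and the A-record answer encodes why the address is listed. The helper below is an example added here, not code from the original post or from Webroot. The code meanings follow Spamhaus's published ZEN return codes, the zone name zen.spamhaus.org and the resolver are parameters, and the lookup table it runs against offline is constructed (127.0.0.2 is the address RFC 5782 reserves as always listed for testing; the other two are documentation addresses). Spamhaus answers 127.255.255.254 rather than a listing when the query arrives via a public resolver, so production use needs your own resolver or a data-feed account; and, as the MailChimp campaign shows, a clean answer says nothing about what is attached.

```python
"""DNSBL lookup helper for the sender checks suggested above.
Added example; not code from the original post or from Webroot.
The resolver is injectable so the logic runs offline against a constructed table."""
import ipaddress
import socket

ZONE = "zen.spamhaus.org"

# Spamhaus ZEN listing codes (A-record answers) and their meaning.
ZEN_CODES = {
    "127.0.0.2": "SBL: spam source",
    "127.0.0.3": "SBL CSS: snowshoe or compromised sender",
    "127.0.0.4": "XBL: exploited host (CBL)",
    "127.0.0.5": "XBL: exploited host (CBL)",
    "127.0.0.6": "XBL: exploited host (CBL)",
    "127.0.0.7": "XBL: exploited host (CBL)",
    "127.0.0.9": "SBL: DROP/EDROP range",
    "127.0.0.10": "PBL: ISP-maintained policy range, should not send mail directly",
    "127.0.0.11": "PBL: Spamhaus-maintained policy range",
}
# Answers in 127.255.255.0/24 mean the query itself was rejected, not a listing.
ZEN_ERRORS = {
    "127.255.255.252": "typing error in the DNSBL name",
    "127.255.255.254": "query sent via a public/open resolver",
    "127.255.255.255": "query limit exceeded",
}


def dnsbl_name(ip: str, zone: str = ZONE) -> str:
    """Build the reversed-address query name per RFC 5782: octets reversed for
    IPv4, hex nibbles of the fully expanded address reversed for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def system_resolver(name: str) -> list:
    """Resolve name to its IPv4 A records; [] means NXDOMAIN, i.e. not listed."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def lookup(ip: str, zone: str = ZONE, resolve=system_resolver) -> dict:
    """Return {'listed': bool, 'reasons': [...], 'error': str|None} for ip."""
    result = {"listed": False, "reasons": [], "error": None}
    for answer in resolve(dnsbl_name(ip, zone)):
        if answer in ZEN_ERRORS:
            result["error"] = ZEN_ERRORS[answer]
        elif answer.startswith("127."):
            result["listed"] = True
            result["reasons"].append(ZEN_CODES.get(answer, f"unknown code {answer}"))
    return result


# Constructed offline table: 127.0.0.2 is the address every DNSBL lists for
# testing (RFC 5782); the other entries are documentation addresses, not real
# listings, and model a rejected query and an unlisted sender respectively.
CONSTRUCTED_TABLE = {
    dnsbl_name("127.0.0.2"): ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    dnsbl_name("198.51.100.7"): ["127.255.255.254"],
}


def constructed_resolver(name: str) -> list:
    return CONSTRUCTED_TABLE.get(name, [])


if __name__ == "__main__":
    for ip in ("127.0.0.2", "198.51.100.7", "203.0.113.9"):
        print(ip, lookup(ip, resolve=constructed_resolver))
```

The error codes are kept separate from listing codes on purpose: treating 127.255.255.254 as "listed" would make every sender look bad the moment a gateway is pointed at a public resolver, and treating it as "clean" would silently disable the check.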
If you'd like to hear from an expert, why not join Melvyn White from email security experts Webroot on our upcoming webinar on 15th November.
Webroot Phishing and Security Awareness
WHAT WILL YOU LEARN?
How to implement a responsive cyber security programme
How to help your staff understand the part they play in your cyber security
How often to test and train to stay ahead of the game