Scary Email Phish

(In case you are not aware of what a “phish” is: in broad terms, it is an email designed to make you click on a link or open an infected attachment. Once the link is clicked or the infected attachment is opened, your machine (and this works on Windows, Apple, and Linux) becomes a “host” for a variety of nefarious activities.)

This information came from one of the vendors we use at the city, KnowBe4. We use the tools they provide to send simulated phishing attacks to all our employees. It’s one of the fun aspects of my job. Here is a very specific phish threat they sent a notice about. I felt it important enough to pass along.

I was alerted by a customer about a really difficult scenario that’s becoming all the more frequent. While there’s probably little that can be done in terms of tuning your spam filters and endpoint security tools, new-school security awareness training can make a difference. Here is the story:

“Over the past few months, we have been hit with increasing frequency with an attack that follows this 5-step pattern:

  • A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
  • They start by changing the password, so that the victim no longer has control.
  • They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.
  • Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice # for that individual.
  • The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice # for that individual.

Because these emails are coming from a real email account for a real business partner, they are very hard to identify, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”

What To Do About This Threat

Granted, this is a frustrating and dangerous situation, as the majority of the red flags users have been trained to watch for simply aren’t present if the scammer uses a highly targeted approach like this.

However, there is one cardinal rule that you need to stress with your users to protect against a scenario like this: DID THEY ASK FOR THE ATTACHMENT?

If they did not, before the attachment is opened, it’s a very good idea to double check using an out-of-band channel like the phone to call and ask if they sent this and why it was sent. There is little else that can be done.

Yes, that is a little more work. But also, better safe than sorry. You have to constantly work on and reinforce your security culture, anywhere in the world.

As you can see, this is very scary. Especially in a corporate environment. The biggest thing to take away from this is if you get an email with an attachment THAT YOU DIDN’T REQUEST, DO NOT OPEN THE ATTACHMENT! This holds true even if you recognize the sender. The sender field on an email can be spoofed very easily.
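The cardinal rule above (“did they ask for the attachment?”) can also be applied mechanically at the mail gateway. The following is an added example, not code from the original post or from KnowBe4: it flags an inbound attachment from a known partner as “verify out-of-band” unless it replies to something we sent that partner recently. All addresses, Message-IDs and dates are constructed sample data.

```python
from datetime import datetime, timedelta

ATTACHMENT_EXTS = (".xlsx", ".xls", ".pdf", ".docx", ".doc", ".zip")

# Constructed sample data (not from the post): our recent outbound mail to a partner.
OUTBOUND = [
    {"to": "ap@partner.example", "message_id": "<po-1001@ourcity.example>",
     "sent": datetime(2017, 8, 14, 9, 30), "subject": "Please resend invoice 1001"},
]

# Constructed inbound messages: a genuine reply, then the pattern from the post
# (real partner account, real invoice number, a spreadsheet nobody asked for).
INBOUND = [
    {"from": "ap@partner.example", "in_reply_to": "<po-1001@ourcity.example>",
     "received": datetime(2017, 8, 14, 15, 0), "subject": "Re: Please resend invoice 1001",
     "attachments": ["invoice_1001.pdf"]},
    {"from": "ap@partner.example", "in_reply_to": None,
     "received": datetime(2017, 8, 15, 8, 5), "subject": "Invoice 1001 - updated",
     "attachments": ["Invoice_1001.xlsx"]},
    {"from": "ap@partner.example", "in_reply_to": None,
     "received": datetime(2017, 8, 15, 8, 10), "subject": "Lunch next week?",
     "attachments": []},
]

def was_requested(msg, outbound, window=timedelta(days=7)):
    """True if msg replies (In-Reply-To) to something we sent that address within `window`.
    Caveat from the post: an attacker holding the partner's mailbox also holds our
    original mails, so a forged reply to a real thread will still pass this check."""
    for out in outbound:
        if out["to"].lower() != msg["from"].lower():
            continue
        if not (out["sent"] <= msg["received"] <= out["sent"] + window):
            continue
        if msg["in_reply_to"] == out["message_id"]:
            return True
    return False

def triage(msg, outbound):
    """Return 'no-attachment', 'ok', or 'verify-out-of-band' (call the partner first)."""
    risky = [a for a in msg["attachments"] if a.lower().endswith(ATTACHMENT_EXTS)]
    if not risky:
        return "no-attachment"
    return "ok" if was_requested(msg, outbound) else "verify-out-of-band"

if __name__ == "__main__":
    for m in INBOUND:
        print(f'{m["subject"]!r}: {triage(m, OUTBOUND)}')
```

The unsolicited invoice spreadsheet is the only message routed to a phone call; the heuristic deliberately does not try to judge the attachment contents, since the post's point is that the file and the sender are both genuine-looking.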

So, as I’ve said before, keep your antivirus/antimalware up-to-date, and scan your machine on a regular basis. One of the catchphrases of KnowBe4 is “Think Before You Click”. Wise words to live by.

Happy and safe interneting my friends.


Twitter  Facebook

A (Near) Total Eclipse

Tomorrow afternoon those of us in Central Florida will get to experience a partial solar eclipse. This is, apparently, the first time in 99 years that parts of the continental US will actually get a total eclipse.

I understand the dangers of gazing into the sun at any time, especially during any phase of an eclipse. Our local school board is taking what I believe to be extreme measures during our local viewing time. To quote:

“Due to the dangers associated with viewing the eclipse, all outdoor activities, such as athletics, physical education, extracurriculars and extended-day, will be held indoors beginning at 1:15 p.m. until the eclipse ends at 4:15 p.m. The district is sharing important resources with students, teachers and parents to take advantage of this educational experience, as well as encouraging safe viewing of the eclipse on appropriate television channels or online websites.”

I remember when I was in 5th or 6th grade (we’re talking about 1967–68) we had a partial eclipse viewable in Miami. Did we have to sit inside and watch TV broadcasts? Nope, we went outside and were taught the safe ways to view an eclipse. I don’t think there were any mass-produced “eclipse glasses” at that time, so we did the punch-a-hole-in-a-piece-of-paper trick and viewed the image on a second piece of paper, and made “box viewers”. Ah, the good ol’/bad ol’ days.

The Celts (my heritage) seem to look forward to eclipses.

Native Americans would stay inside during an eclipse, as they thought it was an ill omen. The Vikings saw it as a pair of wolves eating the sun. In Vietnam, a toad or frog is eating the sun.

This 2013 article from National Geographic outlines some of the beliefs from around the world.

So don’t go run and hide and scream “Demons are eating the Sun!!” tomorrow. The universe will survive, just like we did on December 27, 2012.