Business threat intelligence | Win the fight against phishing attacks
June 21, 2017
Blueliv has one module that handles two of the main cyber threats targeted at businesses–Phishing and Cybersquatting. This module plugs into our threat monitoring Enterprise Platform Solution. For completeness, we’ll divide these threats into separate articles.
First, it’s important to understand the inherent nature of these attacks. Criminals who steal are not all the same. There’s a clear distinction between a thief and a robber.
A robber takes something from you by force. In the cyber world, that’s the kind of attack you see with cybersquatting, where a person buys up related domain names and uses them to leverage payments from a legitimate business or organization. Cybersquatting will be the subject of a second article.
A thief, on the other hand, is stealthy. He relies on distractions and deception to mask his activities. In the cyber world, a sneak-attack that cloaks criminal activity while making it appear like a genuine, branded email–that’s Phishing.
Why the deception?
Simply put, nobody’s going to willingly click on a link or an attachment that looks like it could inject malware into their device. That would be foolish. So, the criminal who Phishes has to employ a subtle approach.
He needs his email to appear like it has come from a trusted source. The more convincing the counterfeit, the more successful he’ll be at getting the desired response.
Perpetrators of Phishing look for the most vulnerable prey: unsuspecting business users whose guard is down, or who are simply unschooled in the ruthless practices associated with this attack.
The best defense against phishing is education. Regular employee training, timely communications, and vigorous Internet email policies can eliminate a multitude of ills.
This article will:
- Explain how Phishing works
- Show an actual Phishing attack
- Outline basic steps to take to protect your enterprise, your resources, and most especially your employees
We recommend getting our external Threat Intelligence Enterprise Platform Solution. It alerts you to the current Advanced Phishing and Cybersquatting threats. To learn about our Enterprise Platform Solutions, as well as other specialized modules, click here.
A Definition of Phishing Terms
So what is the all-inclusive definition for Phishing? The New Oxford Dictionary defines it as:
Phishing – the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Once the target has clicked the link or opened the file, malware is introduced into the network and begins to access and probe the digital infrastructure, on the hunt for sensitive information.
An Actual Phishing Email Incident at UC Berkeley
One example of a Phishing email incident took place on the campus of UC Berkeley, California, on May 3, 2017. It came in the form of a blast email; recipients unfortunately clicked on it, and a global worm was introduced on campus.
The sender’s domain was berkeley.edu, so it is easy to see why the students and others were fooled.
Lesson one: when you open an email and something seems strange, trust your instincts. Here’s what’s “fishy” about this Phishing email:
- The addressee seems suspicious too; firstname.lastname@example.org
- The Berkeley writer said it was odd that a Google Doc would be blind-copied; odder still that it would be the originator
None of these things is normal to see in an invitation to edit a Google Doc.
Other examples of actual subject lines from Phishing emails:
- A Message from Human Resources
- Your Dropbox File
- FedEx Shipment Update
- Email Account Upgrade
- bCourses Notice of Expiration
- PayPal – We Need Your Help
- Apple: Last Reminder You Must Update Your Account Information
It’s astounding the depths to which these criminals will sink to get money from unsuspecting victims. They make excellent case studies for organizational training purposes.
This link from Krebs on Security will explain what these criminals can do with hijacked information and accounts. It’s one of the most popular posts in the history of his well-respected blog.
Information criminals harvest from businesses include:
- Fedex, UPS, Pitney Bowes account information
- Proprietary information from work documents
- Proprietary information from work email
- Salesforce information like sensitive account information
Different Types of Phishing Attacks
To close our discussion, I think this brief explanation about the types of Phishing attacks will prove how business-driven this type of cybercrime is.
1. Spear Phishing
This attack targets a well-researched individual or company. Perpetrators may rely upon information scraped from social media sites for either company or individual employees. That’s why employee education and instruction on guarding personal information on social media is important.
Symantec reports in 2017, one in 131 emails contained malware–the highest in 5 years.
Word documents tend to be booby trapped. Make a call to the source if you’re ever in doubt, and never open a Word attachment on an email from someone you don’t know.
2. Clone Phishing
In this attack, criminals reuse legitimate emails and attachments. Cloning or spoofing is nothing new to financial sector security teams. Perpetrators replace attachments and links with malicious counterfeits. The clone might include the words "resending" or "update". This one definitely relies on victims having their guard down.
3. Whaling
In this attack, criminals target C-Suite Executives. Content for these emails is written specifically for managers and impersonates the tone and gravitas of those in authority, such as government or legal agencies, law enforcement and the like.
As you can see, these attacks are highly pernicious and can wreak havoc on businesses and organizations.
Actions You Can Take Today to Protect Valuable Company Resources
Besides getting the Threat Intelligence Enterprise Platform, here are some things to remember. When in doubt, don’t. It only takes a minute to call the person sending to see if they did in fact email you.
Other things to watch for:
- Hold your cursor over a link to see where it really points before you click
- Examine the URL for any typos; don’t open misspelled URLs
- Scrutinize subject lines that seem odd or unexpected
- Never give your password or other account info in an email; a legitimate source will never ask for this
Make no mistake about it, Phishing (and Cybersquatting) target the business sector. Our Threat Intelligence Platform can keep you alerted to trending threats in real-time. This particular form of cybercrime is particularly sly and may require more diligence to combat.
To find out more about our module or to schedule a FREE, no obligation demo, please contact one of our analysts.
Notes & Sources:
PHISHING AND CYBERSQUATTING:
The Blueliv Phishing and Cybersquatting Module combats both types of attacks by detecting possible attempts to acquire sensitive information by masquerading as a trusted entity or by detecting similar domains that can potentially be used to replace your company’s original domains.
UC Berkeley Phishing Examples Archives:
Current Phishing Attacks:
Google Docs Phishing Scam: