Email has been the most popular attack surface worldwide for the last three decades. Phishing, email crafted to convince users to click on links to attacker-controlled sites, open malicious attachments, or reply with sensitive information, remains the most successful form of social engineering in use today. As the world has faced so many changes in the last nine months, phishing has changed with it, turning to new attack types and brand impersonations to convince users to give away credentials or financial information, or to open the door for the attacker to reach their organization’s network. This post reviews some of the more popular phishing attacks active in the world today.
How COVID-19’s Changed Phishing
As users in most organizations have been forced to work from home and many normal activities have been altered, the phishing themes targeting those users have shifted as well. Phishing themes have always followed the events of the moment. During tax season, for example, there is a large influx of phishing emails that appear to come from the IRS and aim to harvest the user’s personal information, and the end of an election season brings an increase in election-themed phishing.
With the COVID-19 pandemic, attackers have focused on the end user at home more than ever before. Barracuda reported that coronavirus-related spear-phishing attacks increased by more than 667% in March 2020, with that activity aimed largely at users working from home. Of those attacks, 34% were brand impersonations and 54% were direct scams.
According to Check Point Software’s review of phishing in 2020, it is clear that consumer brands have become larger targets than in previous years. The top 10 impersonated brands include Apple, Netflix, Yahoo, WhatsApp, PayPal, Chase, Facebook, Microsoft, eBay and Amazon. Subject lines containing words such as Urgent, Request, Important, Payment, or Attention catch the user’s attention quickly and make it seem that an action must be taken or a payment is due.
According to open-source intelligence (OSINT), most of these attacks come from financially motivated attackers using malware built to steal banking information. The Hancitor Trojan is one example. It is delivered by an email that pressures the user to open an attached document; the malicious scripts (macros) built into the document then run, compromise the system, and install the banking trojan on the user’s machine. The attack seems simple and easy to avoid, and that simplicity is exactly what makes it so successful.
Does This Look Right?
A lack of awareness among end users is a large part of why these attacks are so successful. There are a few red flags that users should watch for when it comes to phishing.
- Mismatched and misleading information
- Use of urgent or threatening language
- Promises of attractive rewards
- Requests for confidential information
- Unexpected emails
- Suspicious attachments
If any of these red flags come up, it is important to slow down and review the message so that a hasty or unwanted action is not taken. The most costly action is to respond too quickly. One tip worth remembering: if it is really that important, the sender will follow up. In the example below, the email is written as an urgent request and asks for private financial information. The sender address is also different from the reply address, which is a big red flag on its own.
Spotting the Phish in a Sea of Emails!
There are a few simple but important actions that users can take to protect themselves from these attempts, which in turn protects personal and proprietary information.
- Check who the email is coming from.
  - Make sure the actual sender address belongs to who the email claims to be from, and not a random address paired with a display name that says “Netflix”.
- Links are dangerous! Hover over them to see where they really go.
  - If you mouse over a link in an email, the real destination is shown, and you can judge whether it is legitimate. The visible link text can say anything; only the destination matters.
- Avoid links; search for the site instead.
  - If a link is a concern, or a request for information is unexpected, go directly to the source, i.e., type netflix.com into the browser and log in to review the account.
- Watch for “Click here to….”
  - Most organizations that need information from you will ask you to go to their site and sign in, send a letter by mail, or contact you directly and ask you to log in and confirm the information.
- Requests you did not make
  - If you did not request a password change and you receive an email saying “click here to change your password”, check your account directly before entering any password.
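The red flags and checks above can be applied mechanically to a raw message, which is what a mail filter or a triage script in a security operations team does. The following is an added example and not code from the original post: it parses an `.eml` with Python’s standard `email` library, compares the From domain with the Reply-To and Return-Path domains, checks whether a brand named in the display name matches the sender’s domain, looks for urgency words in the subject, compares the visible text of each link with its real `href`, and flags macro-enabled or executable attachments. The sample message, the brand list, the urgency word list, the risky-extension list and the `.example` domains are all constructed for this example, and the two-label “registered domain” heuristic is a deliberate simplification that ignores public suffixes such as `co.uk`.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email): a display name
# claiming to be Netflix, a From domain that differs from the Reply-To,
# a link whose visible text does not match its href, and a macro-enabled
# attachment. All domains ending in .example are placeholders.
SAMPLE_EML = b"""From: "Netflix Billing" <billing@accounts-verify.example>
Reply-To: collect@payments-desk.example
To: victim@example.com
Subject: URGENT: Payment failed - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your payment was declined. Click here to update your card:</p>
<a href="http://netflix.accounts-verify.example/login">https://www.netflix.com/account</a>
</body></html>
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

UEsDBBQ=
--b1--
"""

# Assumed lookup tables; a real filter would maintain much larger ones.
KNOWN_BRANDS = {"netflix": "netflix.com", "paypal": "paypal.com",
                "microsoft": "microsoft.com", "amazon": "amazon.com",
                "apple": "apple.com"}
URGENCY_WORDS = ("urgent", "request", "important", "payment", "attention",
                 "action required")
RISKY_EXTENSIONS = (".docm", ".xlsm", ".js", ".vbs", ".hta", ".iso", ".lnk",
                    ".scr", ".exe")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two DNS labels; a simplification that ignores public suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of_address(header_value):
    """Domain part of the first address in a header, or '' if none."""
    _, address = parseaddr(header_value or "")
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def find_red_flags(raw):
    """Return a list of human-readable red flags found in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []

    from_hdr = msg.get("From", "")
    display_name, _ = parseaddr(from_hdr)
    from_dom = domain_of_address(from_hdr)

    # Red flag: replies or bounces go to a different domain than the visible sender.
    for hdr in ("Reply-To", "Return-Path"):
        other = domain_of_address(msg.get(hdr, ""))
        if other and registered_domain(other) != registered_domain(from_dom):
            flags.append(f"{hdr} domain {other} does not match From domain {from_dom}")

    # Red flag: display name claims a brand whose domain is not the sender's.
    for brand, brand_dom in KNOWN_BRANDS.items():
        if brand in display_name.lower() and registered_domain(from_dom) != brand_dom:
            flags.append(f"display name mentions {brand!r} but sender domain is {from_dom}")

    # Red flag: urgency or payment wording in the subject line.
    subject = msg.get("Subject", "").lower()
    hits = [w for w in URGENCY_WORDS if w in subject]
    if hits:
        flags.append(f"urgent/threatening subject words: {', '.join(hits)}")

    # Red flag: visible link text names one site, the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, shown in collector.links:
            if " " in shown or "." not in shown:
                continue  # plain words such as "Click here" make no domain claim
            href_host = urlparse(href).hostname or ""
            text_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
            if text_host and registered_domain(text_host) != registered_domain(href_host):
                flags.append(f"link text shows {text_host} but href goes to {href_host}")

    # Red flag: attachment types that carry macros or executable content.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append(f"suspicious attachment: {name}")

    return flags


if __name__ == "__main__":
    for flag in find_red_flags(SAMPLE_EML):
        print("RED FLAG:", flag)
```

On the sample message every check fires: mismatched Reply-To, a Netflix display name on a non-Netflix domain, urgency words in the subject, a link whose text says `www.netflix.com` while its `href` points at `netflix.accounts-verify.example`, and a `.docm` attachment. Note that these are the same heuristics a user applies by eye and they can be evaded; an attacker who controls the sending infrastructure can set From and Reply-To to whatever they like. The authoritative check on whether the From domain is genuine is the receiving server’s SPF, DKIM and DMARC evaluation, which shows up in the `Authentication-Results` header and is worth reading alongside these flags.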
Phishing is a powerful and very successful tool for attackers seeking information or access to the data they want. It is important that users are mindful of the ways these attacks try to obtain that information. They do not need to know every current attacker or theme in use; they do need to keep a close eye on the emails they read and the actions they take. During this difficult time, when we are all in situations outside the norm, it is especially important to be mindful of what we do on all of our devices.
Coronavirus-related spear phishing attacks see 667% increase in March 2020. (2020, April 16). Security Magazine | The business magazine for security executives. Retrieved December 8, 2020, from https://www.securitymagazine.com/articles/92157-coronavirus-related-spear-phishing-attacks-see-667-increase-in-march-2020
Microsoft is most imitated brand for phishing attempts in Q3 2020. (2020, October 19). Check Point Software. Retrieved December 8, 2020, from https://www.checkpoint.com/press/2020/microsoft-is-most-imitated-brand-for-phishing-attempts-in-q3-2020/