Phishing and Spearphishing: Don’t Take the Bait

If you could just prevent your staff from clicking on links or opening attachments in phishing emails, 95% of your cybersecurity problems would be prevented.

As perimeter defenses and anti-malware software products have become more effective, cyber-attackers have turned to the phishing email approach as their number one favorite method for acquiring user names and passwords or gaining unauthorized access to computers on your network. The spearphishing variation is when the attacker has done enough reconnaissance on your company to send an email to the one person they know would be the most helpful. Here are some recent examples, as reported on CSO.com:

• Sony Hackers Used Phishing Emails To Breach Company Networks
• New Spear Phishing Campaign Pretends to be EFF
• Investigators Suspect Anthem Breach Began with ‘Phishing’ of Employees
• Email Attack on Vendor Set Up Breach At Target
• Phishing scam breach compromises data of 39K (in a large Texas hospital network)

Phishing emails play on people’s willingness to trust. Some common types include:Email from the boss.

Email from the Boss

 This is usually a request appearing to come from someone far up the food chain, and usually is a request for a large wire transfer. Take time to verify these requests with a phone call. This is usually a spearphishing email sent to the bookkeeper, accountant or CFO.

Your account is broken.

 Email will appear to come from a company you do business with, complete with a link to a look-alike login page. Usually designed to steal login credentials or credit card information, or both.

Let’s make a deal. 

The advanced fee fraud or “Nigerian” email promises untold riches if only you will send some good faith money or provide you bank routing and account number for the huge deposit. Either way your money will disappear.

So precious.

In this case you are sent something enticing, like a free GoPro or iPhone, a cute cat video, or a game, or a gift certificate.

Your shipment is damaged. 

Designed to look like they came from UPS, FedEx, USPS, or other shipping services, there is a sad story about your shipment, and an attachment to open or a link to click.

Clicking on the links or opening attachments usually will install a remote access Trojan horse malware program that will allow the attacker to log into your computer from across the Internet. That sort of access gives them the ability to bypass your firewall. The malware usually includes a module that disables your anti-malware software too.