Warn Your Employees About The New DocuSign Phishing Campaign

Phishing attacks have tended to focus on executive-level targets, the high-ranking people who have considerable system access.

That appears to be changing. A recent trend tracked by researchers from Avanan has revealed that nearly half of all phishing emails analyzed in recent months were crafted to impersonate non-executives.

Additionally, more than three quarters of them (77 percent) targeted employees on the same level.

This is something of a departure and it allows those who orchestrate phishing campaigns to target a significantly larger pool of potential victims. The reason behind the shift in focus is easy enough to understand.

The Avanan researchers summarize it as follows:

“Security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. At the same time, non-executives still hold sensitive information and have access to financial data. Hackers realized there is no need to go all the way up the food chain.”

Increasingly, hackers and scammers are coming to rely on spoofed DocuSign emails to gain access.

If you’re unfamiliar with it, DocuSign is a legitimate platform used to digitally sign documents. In this case, a scammer creates a dummy DocuSign document and emails a request to a low- to mid-level employee to update direct deposit information or something similar.

By all outward appearances the DocuSign request looks completely legitimate, but there is one important difference. An actual DocuSign email won’t ask the recipient for login credentials. The spoofed ones do. Naturally, this is done so that the hackers can harvest those credentials.

Given the crush and volume of daily business email, the difference is easy to overlook, which explains why this approach has enjoyed an uncannily high degree of success.

Be sure your employees are aware of this latest threat and stay on their guard against it. One moment of carelessness could wind up being costly indeed.

Report Finds One Third Of Suspicious Emails Are Threats

Employee cyber security training is paying off, according to a report recently released by IT security company F-Secure.

Researchers from F-Secure analyzed more than 200,000 emails that had been flagged as suspicious by employees working for organizations around the world. They discovered that more than one third of those emails could be classified as phishing.

Phishing is an extremely common technique hackers use to gain important information about specific individuals, and in some cases to gain access to the very system they are targeting. For example, hackers may employ phishing techniques to impersonate a vendor that the target company does business with, perhaps attaching a poisoned Word or Excel document that appears to be an invoice.

If the recipient enables macros to view the document, it will install malware on the recipient’s computer, which allows the hackers to spy on the user and attack other machines on the network. It’s one of the most common tactics employed by hackers around the world, with phishing attacks accounting for fully half of all infection attempts in 2020.

Even with a relatively low success rate, there are so many phishing attacks made over the course of any given year that it adds up to a staggering number of successes. That is why hackers rely so heavily on the technique.

F-Secure’s Director of Consulting had this to say about the recently published study:

“You often hear that people are security’s weak link. That’s very cynical and doesn’t consider the benefits of using a company’s workforce as a first line of defense. Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results.”

Naude makes an excellent point. Kudos to the company for conducting the analysis and to all the employees who submitted suspicious emails for a closer look.

Microsoft 365 Getting Button To Easily Report Phishing Emails

We’re beginning to see increasing collaboration between giant tech companies and government agencies around the world. In the UK, the National Cyber Security Centre (NCSC) launched its Suspicious Email Reporting Service (SERS) back in April of 2020. The agency has received nearly 7 million reports since its launch. These include more than 50,500 reported scams and in excess of 97,500 suspicious URLs.

Microsoft is getting in on the action and has recently added a new button to its Microsoft 365 service. The button offers one-touch reporting convenience: users can report scam emails directly to SERS.

Modern email systems have gotten quite good at detecting and deleting phishing and other scam emails before the user even sees them. As good as most systems are, though, they do have limits. This new button adds an additional layer of protection and puts the control firmly in the hands of the users.

It’s a good addition because hackers and scammers are always on the lookout for new methods. They look for ways to trick email systems and get past the automated detection routines that stop so many of their malicious emails.

To gain access to the new reporting button, you’ll want to head to the company’s AppSource site and install it as a Microsoft 365 add-on.

Once installed and enabled, the new reporting button will appear on your Microsoft 365 toolbar. Any time you click the button, it will send the questionable email to report@phishing.gov.uk.

If you have any difficulty downloading the add-on from AppSource, or you’re unable to install it for any reason, you can manually report suspicious emails to the NCSC using the email address above.

Kudos to Microsoft for their collaboration with the NCSC. Here’s hoping their efforts ultimately result in far fewer phishing scams and poisoned emails.

Hackers Are Pretending To be Chipotle In Poisoned Emails

Chipotle recently reported that an account used by their company’s marketing department had been hacked. A currently active campaign is underway leveraging this account. The hackers are sending out phishing emails containing poisoned links. A recipient clicking on these links will be directed to a malicious website designed to prompt users for a wide range of personal information so the hackers can harvest it.

Leveraging legitimate compromised email accounts is the preferred routine for hackers. Statistics show that only 2-3 percent of phishing emails sent from spoofed accounts are effective in luring recipients to click links. Hacking a legitimate email account and using it for the same purpose more than doubles the likelihood that a recipient will click embedded links and/or download attached files.

Like most of the hackers launching these types of campaigns, the Chipotle hackers send emails pretending to come from a Microsoft team member, usually in connection with Office 365.

The poisoned links included in such messages point back to a dummy Microsoft login page controlled by the hackers. Anything a recipient enters on this page will be harvested by the hackers and used against those who fall victim to this ploy later.

The email security company Inky reported that the Chipotle email address in question had been used to send more than a hundred tightly targeted phishing emails over a three-day period. A spokesman for Inky observed that almost everyone has a Microsoft login and a significant portion of internet users use the same password across multiple websites. Hacking the Microsoft login is the option of choice for most hackers.

Chipotle has since regained control over that account but the threat remains. Given the sheer number of corporate email addresses in use today it is all too easy for one of them to become compromised and put hundreds or even thousands of people at risk.

Notification Of New Subscription Billing Could Be A Phishing Attack

There’s a dangerous new phishing scam you should be aware of and alert your employees to right away. A growing trend in the hacking world is to use mixed media: phone calls with live actors at the other end posing as “customer support” representatives, and even recorded messages containing instructions, attached to emails. This is all done in a bid to lure unsuspecting recipients into downloading malicious files.

In this case, the attack is structured as follows:

A potential victim will get an email informing them that they’ve been subscribed to a fee-based service. The email instructs them to call a given phone number and speak with a representative who will be happy to help them.

If the recipient calls, the agent, who of course is part of the hacker’s organization, will guide the caller to a website where they can download a file the faux agent claims is necessary to finalize the cancellation. Naturally, the file does no such thing and is instead a piece of malware of the attacker’s choosing.

The payload can vary and could be just about anything. The currently identified campaign is using BazaLoader, which creates a persistent backdoor on Windows-based machines, giving the attackers easy access to the device, which they can exploit in a variety of ways later on.

While this may seem like a convoluted path for the attackers to take, it can be devastatingly effective. It has the key advantage, from the attackers’ point of view, of being extremely difficult to detect and prevent. Most detection routines are file-based, and since this type of email doesn’t contain an attachment of any kind, it poses tremendous challenges for IT security professionals.
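The three lures described in these posts (a DocuSign notice that asks for a login, a macro-enabled “invoice”, and a subscription notice with a phone number and no attachment at all) can each be caught with a cheap mailbox triage check that doesn’t depend on a file being present. The script below is an added example written for this page, not code from Avanan, F-Secure, Inky, DocuSign or Microsoft. The list of DocuSign sender domains, the keyword and phone-number patterns, and every sample message are constructed assumptions for illustration; a real deployment would take the domain list from the vendor and tune the patterns to its own mail.

```python
"""Mailbox triage for the phishing patterns described in these posts (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains treated as DocuSign's own for this example.
DOCUSIGN_DOMAINS = {"docusign.net", "docusign.com"}
# Macro-enabled Office extensions, the "poisoned invoice" attachment type.
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm")
# Constructed keyword patterns; tune to your own mail.
CREDENTIAL_WORDS = re.compile(
    r"\b(password|login credentials|log ?in to continue|verify your (account|identity))\b", re.I)
BILLING_WORDS = re.compile(r"\b(subscri(bed|ption)|billed|invoice|charged|renewal)\b", re.I)
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b")


def sender_domain(msg):
    """Domain of the From address, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def body_text(msg):
    """Concatenated text/plain bodies, skipping parts that are attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def attachment_names(msg):
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def triage(raw_message):
    """Return a list of finding strings for one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    findings = []
    domain = sender_domain(msg)
    header_text = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    body = body_text(msg)
    names = attachment_names(msg)

    # 1. DocuSign branding from a domain DocuSign does not use, or a login request.
    if "docusign" in header_text:
        if domain not in DOCUSIGN_DOMAINS:
            findings.append(f"brand-spoof: DocuSign branding sent from {domain}")
        if CREDENTIAL_WORDS.search(body):
            findings.append("credential-request: a real DocuSign notice never asks for a login")

    # 2. Macro-enabled Office attachment (the poisoned invoice).
    for name in names:
        if name.lower().endswith(MACRO_EXTENSIONS):
            findings.append(f"macro-attachment: {name}")

    # 3. Callback phishing: billing language plus a phone number and no file at all.
    if not names and BILLING_WORDS.search(body) and PHONE_RE.search(body):
        findings.append("callback-phishing: billing notice with phone number and no attachment")
    return findings


# Constructed sample messages (not real campaign artefacts).
SAMPLE_DOCUSIGN_SPOOF = """\
From: "DocuSign" <notifications@docusign-secure-mail.example>
To: payroll@corp.example
Subject: DocuSign: please sign your direct deposit update
Content-Type: text/plain; charset=utf-8

Your document is ready. Please log in to continue and confirm your password to view it.
"""
SAMPLE_DOCUSIGN_REAL = """\
From: "DocuSign" <dse@docusign.net>
To: payroll@corp.example
Subject: Completed: Vendor agreement
Content-Type: text/plain; charset=utf-8

All parties have completed the document. A copy is attached to your DocuSign account.
"""
SAMPLE_MACRO_INVOICE = """\
From: accounts@vendor-partner.example
To: ap@corp.example
Subject: Invoice 4471 attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Please find the attached invoice. Enable content to view.

--b1
Content-Type: application/vnd.ms-excel.sheet.macroEnabled.12; name="Invoice_4471.xlsm"
Content-Disposition: attachment; filename="Invoice_4471.xlsm"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
SAMPLE_CALLBACK = """\
From: billing@premium-photo-service.example
To: user@corp.example
Subject: Your subscription has been activated
Content-Type: text/plain; charset=utf-8

You have been subscribed to the Premium plan and will be billed $79.99 monthly.
To cancel, call our support team at (555) 013-7788.
"""

if __name__ == "__main__":
    for label, sample in [("docusign-spoof", SAMPLE_DOCUSIGN_SPOOF), ("docusign-real", SAMPLE_DOCUSIGN_REAL),
                          ("macro-invoice", SAMPLE_MACRO_INVOICE), ("callback", SAMPLE_CALLBACK)]:
        print(label, triage(sample) or ["clean"])
```

The point of the third check is the one the post makes: an attachment-less email gives a file scanner nothing to look at, so the signal has to come from the message itself (billing language next to a phone number is the whole lure). Findings like these are best routed into the same review queue the user-reported emails go to, rather than auto-blocking, since legitimate billing notices will trip the pattern from time to time.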

As ever, the best defense is education and mindfulness, so be sure your staff is aware.