Posted on July 5, 2017 - by Darryl MacLeod - in Building Your InfoSec Program
Email phishing is tricky – it often comes from a sender you already know and trust.
A few weeks ago my wife told me that she got an unexpected email from the Canada Revenue Agency. They wanted to initiate an Interac e-transfer of $980.99 into her account. The alarm bells immediately started ringing in my head.
I took a look at the email she received; it definitely wasn’t from the CRA. Being the curious cybersecurity guy that I am, I decided to take the bait and click on the deposit link, in a virtual sandbox of course.
As you can see above, the site is looking for valuable personally identifiable information (PII) that no one should have to provide over the Internet. I used my trusty Shodan browser plug-in to determine that the server resides in Romania. I know for a fact that CRA wouldn’t have an office in Romania!
Without entering any information, I clicked continue.
Chrome warns me one page too late that this site may be suspect. I understand the risks to my security, so I visited the infected site.
Now here’s where things get really interesting. It is looking for information that could cause a world of grief if it fell into the wrong hands. Needless to say, I didn’t enter any information or go any farther.
Delete those emails. Mark them as spam. If you have a company team that collects and analyzes threats, report that to them so they can be on the watch.
Phishing attacks have been around for years. Financial motivation is still alive and well in these types of attacks. Phishing attacks have also evolved in recent years to include the installation of malware as the second stage of the attack.
How can you protect yourself from phishing attacks? Be suspicious of emails asking for confidential information. Legitimate companies and organizations will never request sensitive information via email. Here are some other tips:
Some of these phishing emails are cunning and extremely difficult to identify, even if you are looking.
Does your company have policies about email or a team that tracks phishing incidents?