Phishing & How NOT to Get Caught

I have written about phishing before, and I will continue to warn friends and colleagues about phishing and its tactics.  Phishing is the start of almost all serious cyber breaches.  In early 2020, cloud security expert Wandera revealed in its Mobile Threat Landscape Report that a new phishing campaign is launched every 20 seconds.  Twenty seconds equates to three additional phishing sites designed to target users every minute.  However, this number no longer applies during COVID-19 times.  Phishing has seen a rapid increase starting from when the pandemic went global during the first quarter of 2020.  According to security firm Barracuda Networks, there was a 667% spike in email phishing attacks in March 2020 due to the coronavirus pandemic.  This new data reveals how cybercriminals are taking advantage of people’s concerns due to the pandemic.

This increase in phishing scams is not unique to corona-related attacks alone.  There has also been an increase in invoice/payment scams and credential theft as the whole world switches to work-from-home arrangements.  The best way to guard against phishing scams is early detection.  Being able to distinguish a phishing email from a legitimate email helps a lot in preventing the nasty consequences of phishing campaigns, including data theft, malware infection, money theft, and others.  Protecting your privacy by using a VPN also minimizes your chance of being targeted by phishing attacks.

To foil your enemy, you must understand more about the enemy.  Cybersecurity investigators have noted the latest and most widely used phishing tactics in 2020, and we are only halfway through this year.

Here are their findings:

Corona-related phishing attacks:  As mentioned above, the most popular phishing strategy right now piggybacks on the public’s fear of the coronavirus.  In March 2020 alone, Barracuda detected 9,116 COVID-19-related attacks, which represents 2% of the total 467,825 spear-phishing email attacks detected for that month alone.  There are three main types of attacks that use the coronavirus as the hook: scamming, brand impersonation, and business email compromise.  Some of the scams you need to watch out for include fake corona cures, face masks, donation requests for companies that claim to be developing vaccines, and fake charities.  Some scams claim to be from the World Health Organization (WHO), asking for donations through Bitcoin.

Aside from scams, attackers also deploy malware through phishing emails.  Some of the well-known malware related to COVID-19 are Emotet, a popular banking Trojan, the Ursnif banking Trojan, the Fareit information stealer, the COVID-19 ransomware, Azorult, NetWalker, Nanocore RAT, and the Hancitor trojan.

Invoice/Payment phishing scams:  With so many people forced to work at home because of the pandemic, most business transactions are conducted online, including financial processes such as payroll and invoicing.  As a result, attackers who specialize in invoice phishing scams have substantially more victims to target.  This type of phishing involves sending a payment reminder to a vendor, brand, or even an individual, letting the receiver know that an important invoice is attached.  Clicking the invoice could either redirect the user to a phishing website where he or she is directed to pay the invoice, or download malware/ransomware to the victim’s computer.  This scam is also used in reverse: a hacker will inform you that they are trying to issue a payment to you.

Update payment alerts:  Aside from invoice phishing, update payment alerts are also common.  No one wants to suffer from a service outage, especially during this pandemic situation.  This is what makes update payment scams so effective.  Imagine getting an email about your Internet company terminating your connection if you are not updated with your payments or receiving an email from Netflix temporarily restricting your account until your balance has been paid off.  In the time of the COVID-19 pandemic, nothing could be scarier than having no Internet or Netflix.

Hackers are feeding on people’s dependence on these services to gain money. They usually send an email stating that there is a problem with your credit card or there is an issue with your payment, asking you to log in and update your payment details. Some attackers go as far as hacking the company and identifying the employee responsible for managing accounts like these.

Security Alerts:  This type of phishing scam never goes out of style.  In fact, it is a daily occurrence.  But getting security alerts from banks, email providers, and cloud services companies can be troubling, especially since the emails are becoming more sophisticated in their imitation of legitimate companies.  These phishing emails look very real and resemble web pages users have seen before.  Common security alerts include expiring password warnings, suspicious activity detected, suspicious logins, and others.  When users click the link, they are compromising their privacy instead of protecting it.

How to Protect Against Phishing Scams:  Your first defense against scams like these is to be aware that they exist.  By being aware, you will be more vigilant when you open your emails.  Here are some ways to determine the authenticity of the emails you receive:

  • Check the sender’s email. Compare the email address with the previous emails you received from that business or company. If the domain extension is different, then the email is likely a scam.
  • Use a reliable VPN to help you stay anonymous online. This will minimize the personal information that hackers can collect from you that can be used for phishing.  Check out VPN review sites, such as VPN Watch, where you can find a top security solution for your needs.
  • Never click on links or attachments without verifying the authenticity of the email. If you have other contact details of the sender, confirm with him or her about the email you received.  It is worth the extra few steps.
  • Check on the grammar and sentence structure of the email. Professional emails from businesses and companies undergo proofreading to make sure that the text looks and sounds professional.  If it sounds like it was churned out by a translating machine, then be very suspicious.
  • Do not log into your account by clicking on the link. Open a separate browser and visit your account from there to verify if there have been any changes.
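
The first check in the list above (compare the sender's address with earlier mail from the same business) can be automated over a mailbox. The Python sketch below is an added example, not code from Red Sky Alliance; the function names are hypothetical and the sample senders and domains are constructed, using reserved test domains.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed sample: From: headers of earlier, trusted mail.
PAST_MAIL = [
    "Example Streaming <billing@streamco.example>",
    "Example Streaming <no-reply@streamco.example>",
    "Example Bank <alerts@bank.example>",
]

def sender_domain(from_header):
    """Return (display name, domain) from a From: header, lowercased."""
    name, addr = parseaddr(from_header)
    _local, at, domain = addr.rpartition("@")
    if not at:  # no "@" means there is no usable address
        domain = ""
    return name.strip().lower(), domain.lower().rstrip(".")

def sender_history(past_from_headers):
    """Map each display name to the set of domains it has used before."""
    history = defaultdict(set)
    for header in past_from_headers:
        name, domain = sender_domain(header)
        if name and domain:
            history[name].add(domain)
    return history

def check_sender(from_header, history):
    """Classify a new message against the history of earlier mail."""
    name, domain = sender_domain(from_header)
    if not domain:
        return "suspicious: no parsable sender address"
    known = history.get(name)
    if not known:
        return "unknown sender: verify through another channel"
    if domain in known:
        return "ok: domain matches earlier mail"
    # Same name and same left-hand labels, but a different extension (TLD).
    stem = domain.rpartition(".")[0]
    if any(k.rpartition(".")[0] == stem for k in known):
        return "suspicious: domain extension differs from earlier mail"
    return "suspicious: domain differs from earlier mail"

if __name__ == "__main__":
    history = sender_history(PAST_MAIL)
    for hdr in ("Example Streaming <billing@streamco.test>",
                "Example Bank <alerts@bank-secure.example>"):
        print(hdr, "->", check_sender(hdr, history))
```

A matching domain only shows that the From header is consistent with earlier mail; the header itself can be forged, so the other checks in the list still apply.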

Training and instruction from cyber professionals are always cheaper than absorbing the costs of remediation, paying ransoms, or having confidential data exposed or auctioned to the highest bidder.  And what do you do if you get a phishing email? Delete it.

What can you do to better protect your organization today?

  • Proper data back-up and off-site storage policies should be adopted and followed.
  • Institute cyber threat and phishing training for all employees, with testing and updating.
  • Phishing is normally the first step in a broader attack campaign.
  • Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
  • Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.
  • RedXray® NOW includes Ransomware Protection up to $25,000 Standard, & 100,000 for Enterprise Level Businesses*.
  • Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.

Our analysts strongly recommend ongoing monitoring from both internal and external network perspectives for your company and your shipping supply chain.  Internal monitoring is common practice.  However, external threats are often overlooked and can represent an early warning of impending attacks.  

Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Reporting: https://www.redskyalliance.org/
Website: https://www.wapacklabs.com/
LinkedIn: https://www.linkedin.com/company/64265941
Twitter: https://twitter.com/redskyalliance
