The spam landscape changes constantly with new tactics and new threats evolving, seemingly on a daily basis. A recent tactic which appears to have found favor with cyber criminals is, the limited scale, targeted phishing attack – attacks which are aimed at a particular organization, or a particular industry segment.
Designating specific targets has some obvious advantages for cyber crooks, not the least of which is – most of us don’t get to hear about them. Since the focus is narrow, this type of threat typically slides under the radar and tends not to be reported due to the low numbers involved. Despite the low numbers, this type of attack can be surprisingly effective.
Given that the content is specific to the targeted recipient, the engagement factor, where the potential victim actually opens the email and attachments, is much higher than with a a broad scale shotgun attack.
Here’s a real world example of a current attack:
This week, in conversation with my friend Rod, an Australian antimalware company executive, he mentioned that his group of companies, and product users, had been targeted specifically as the following email samples indicate.
Subject: Your antivirus.com.au account information has changed
We received your request to reset your antivirus.com.au password. To confirm your request and reset your password, follow the instructions below. Confirming your request helps prevent unauthorized access to your account.
If you didn’t request that your password be reset, please follow the instructions below to cancel your request.
Hello, xxxxx firstname.lastname@example.org.
Please reply to this email message to confirm your subscription to nod32.com.au.
Your email address has been entered for a subscription to the nod32.com.au mailing list. However, your new subscription requires a confirmation that you received this email message and want to join this mailing list.
To confirm that you do want to join click here.
To unsubscribe immediately click here.
It’s obvious from the content, that the crooks involved in this attack have increased the chances of success, by providing the recipient with the opportunity to respond both positively, or negatively. If the recipient responds either way, the crooks win, and the victim loses.
Advice worth repeating:
If you have any doubts about the legitimacy of any email message, or its attachment, delete it.
Better yet, take a look at the email’s headers. Check the initial “Received from” field in the header, since this field is difficult to forge. Additionally, the mail headers indicate the mail servers involved in transmitting the email – by name and by IP address. It may take a little practice to realize the benefits in adding this precaution to your SOP.
For example, to do this is Gmail -
Log in to Gmail.
Open the message you’d like to view headers for.
Click the down arrow next to Reply, at the top-right of the message pane.
Select Show original.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.