May 08, 2015

Here, Phishy, Phishy!

Written by Paul Koblitz
Security Testing & Analysis Social Engineering
Have you received an email from a Nigerian Princess lately offering you 20% of her $4.2 million in inheritance that is stuck in a bank? All you have to do is supply your bank account number! Have you received an email stating that you won a lottery in South Africa and all you have to do is pay the processing fee of $10,000 to claim your $2.5 million? Emails like this, for the most part, are going away. They are littered with bad grammar, atrocious spelling, and pretexts that we laugh at. At one time, however, these types of emails were part of a very lucrative business model. As time goes on, fewer and fewer people will fall for these scams and eventually, they will go away completely.

Now, spear phishers have stepped it up a notch. You can receive an email from Anthem BlueCross BlueShield stating that your data was breached in the recent compromise and offering you a year’s worth of credit monitoring because of it. The grammar will be better, the spelling will be perfect, and the pretext is one that truly affected many people. Emails are now sent with pretexts that are relevant to something that might actually affect you. The Target breach, the Home Depot breach, the eBay breach, the JP Morgan Chase breach: all of these could become great pretexts for scammers to hit you where it hurts. These all affected millions of people initially, and millions more were affected afterwards by phishing emails.

Along with the language in the actual phishing email getting better, the attacks that they are using are getting better as well. To an attacker, it is fairly trivial to clone an existing, valid website and replace the login fields with fields that will harvest your credentials. Once the attacker has your credentials, they can log into your accounts and act as you via the Internet: transfer balances, change your personal information, order new credit/debit cards, etc. Cloning the websites and replacing the valid links with malicious ones is also trivial. You could be redirected off of a valid-looking site to one that is not affiliated with the institution that you thought you were visiting in the first place. The links could contain malware or viruses.

Ransomware has become more popular. Ransomware is a type of malware that can completely lock down your computer and force you to call a phone number. When you call, they will demand a sum of money to unlock your computer for you. Without calling, these types of malware are very difficult to remove, usually forcing most people to format their computer completely, thus losing any data that is not backed up.

Attackers can also send malicious documents, such as Word and Excel documents that have macros enabled. Upon opening one of these, your computer would be compromised, giving the attacker a shell on it. This is essentially the same as opening your front door and letting them sit at your keyboard.

In today’s world, it is becoming more and more important to protect ourselves as users, not only at home, but at the workplace also. More and more people are using computers, including work computers, to do all of their daily transactions, such as online banking and online shopping. Some of the recent data breaches that occurred could have easily happened because of a well-crafted phishing email sent to an employee. It only takes one person to start establishing a foothold on a network. So what can we as users do to help protect ourselves and our workplace from data loss? Here are some tips:
  • If an email comes from a suspicious or unknown address, don’t open it.
  • No credit company or financial institution will ever ask you to send them your personal information. They already know it. Do not reply to emails with your account or personal information.
  • If you receive an email with a link in it asking you to “Log into the website”, do not trust the link. Instead, navigate to the site like you normally would to log in.
  • Do not open documents in emails unless they came from a trusted source.
  • If you feel like you have been compromised, contact your financial institution, preferably by phone, to inform them and their fraud department of the situation. Also, immediately change your passwords.
  • It is always best to err on the side of caution. Be suspicious of emails when it concerns sensitive data. If an email just doesn’t seem quite right, question it. Call the person or institution that sent it and verify that it is legit.
This blog post was written by Paul Koblitz (@ph4que) of TrustedSec.