- A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
- They start by changing the password, so that the victim no longer has control.
- They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with the company in the past.
- Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve seen some that referenced a specific real invoice # for that individual.
- The email always includes a spreadsheet or PDF. The name can be generic or really specific. We’ve seen some titled with a specific real invoice # for that individual.
Because these emails are coming from a real email account for a real business partner, they are really hard to detect, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.
What to Do About This Threat
Granted, this is a frustrating and dangerous situation, as the majority of the red flags users have been trained to watch for simply aren’t present if the scammer uses a highly targeted approach like this.
However, there is one cardinal rule that you need to stress with your users to protect against a scenario like this: DID THEY ASK FOR THE ATTACHMENT?
If they did not, it’s a very good idea to double check using an out-of-band channel like the phone to call and ask if they sent this and why it was sent before the attachment is opened.
Cyber-attacks are rapidly getting more sophisticated. GDR Group will help train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now and email firstname.lastname@example.org to request a quote for security awareness training for your organization.