Friday, February 18th, 2022
Phishing Attacks Are On The Rise
Phishing is an umbrella term for social engineering attacks carried out via email. Cybercriminals send these emails in bulk, casting a ‘phishing net’ over as many people as possible in the hope that at least a few will fall for the trick.
Currently, cybercriminals are exploiting the ‘great resignation’ trend by targeting LinkedIn’s more than 800 million members worldwide. Egress found a 232% surge in phishing emails claiming to have been sent by LinkedIn. These emails are crafted to look legitimate, using accurate email footers and LinkedIn’s house style, logo and colours. Typical subject lines are used, such as “Your profile matches this job” or “You appeared in 4 searches this week”. Note: LinkedIn encourages users to forward to LinkedIn any suspected phishing emails that impersonate the company.
Just last month, Check Point Research reported that impersonation of the DHL brand accounted for nearly a quarter of all brand phishing attacks worldwide in 2021. These phishing emails typically tricked the user into downloading keylogger malware such as Snake Keylogger. This type of malicious software records keystrokes and clipboard contents on the user’s device and can even take screenshots.
In the last quarter of 2021, a wave of phishing emails impersonated Verizon by using a mathematical symbol to imitate its logo. As detected and reported by INKY, the fake email contained a malicious link leading to a fake Verizon website where users were coerced into entering their credentials.
How can users best protect against these more sophisticated phishing emails?
- Do not click on links claiming to give you direct access to a social media account such as LinkedIn in order to open “1 new message” or to see “Who’s looking at your profile”. Instead, log in to your account directly in the browser.
- Pay attention to detail. As with the Verizon logo imitation, read the email carefully and check that the logo is genuine: are the colours correct, is it in the correct position, is the image grainy?
- Hover over hyperlinks before clicking them to make sure they actually lead to a trusted and legitimate website. Alternatively, type the URL directly into the browser’s address bar.
- Do a quick email phishing spot check:
- – Do I know who sent it?
- – Is the subject line something topical that I’m already aware of?
- – Is the email badly composed (grammar/spelling/language tone)?
- – Am I expecting the email and attachment?
- – If in doubt, contact the sender via another channel (for example, a phone call) rather than by replying to the email.
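The spot check above can be applied mechanically to a message before anyone clicks anything. The script below is an added example written for this page, not a Smarttech247 tool: it parses a raw email, flags a Reply-To domain that differs from the From domain, reads the SPF/DKIM/DMARC verdicts that the receiving mail server wrote into the Authentication-Results header, and checks every link in the HTML body for the things the “hover before you click” tip is looking for, namely visible text that names one site while the href points at another, plain-http links, and the lure wording (“1 new message”) that the first tip says never to click. The two sample messages are constructed for the example; every domain in them is an invented `.example` name, and the lure phrase list and the two-label domain comparison are simplifications a production tool would replace.

```python
"""Heuristic phishing spot check over a raw email (added example, not a
Smarttech247 product). Sample messages and all domains are constructed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lure modelled on the subject lines quoted in the article.
# Every domain is an invented .example name; nothing here is a real sender.
PHISH_SAMPLE = """\
From: LinkedIn <notifications@linkedin-mail.example>
Reply-To: recruiter@mailbox-relay.example
To: alice@corp.example
Subject: You appeared in 4 searches this week
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=linkedin-mail.example; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi Alice, you have <a href="http://login.linkedin-mail.example/auth">1 new message</a>.</p>
<p>Read it at <a href="https://linkedin-mail.example/verify">https://www.linkedin.com/messaging</a>.</p>
</body></html>
"""

# Constructed benign notification for comparison (same invented domains).
CLEAN_SAMPLE = """\
From: Alerts <alerts@corp.example>
To: alice@corp.example
Subject: Weekly report ready
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example
Content-Type: text/html; charset="utf-8"

<html><body><p>Your report is on the <a href="https://reports.corp.example/weekly">reports portal</a>.</p></body></html>
"""

# Illustrative lure wording only; a real filter would use a maintained list.
LURE_PHRASES = ("new message", "who's viewed your profile", "verify your account")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def site(host):
    """Crude registrable domain: the last two labels. A real tool would use
    the public suffix list so that names like example.co.uk compare correctly."""
    return ".".join(host.lower().split(".")[-2:])


def domain_of(header_value):
    """Domain part of the first address in a From/Reply-To header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def check_headers(msg):
    findings = []
    from_domain = domain_of(str(msg.get("From", "")))
    reply_to = str(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_domain}")
    # The receiving MX records its SPF/DKIM/DMARC verdicts here; anything but
    # 'pass' means the sender could not be authenticated as the From domain.
    auth = str(msg.get("Authentication-Results", ""))
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            findings.append(f"{method}={result} in Authentication-Results")
    return findings


def check_links(html):
    findings = []
    parser = LinkExtractor()
    parser.feed(html)
    for href, text in parser.links:
        target = urlparse(href)
        if target.scheme == "http":
            findings.append(f"plain-http link to {target.hostname}")
        # Visible text that looks like a URL must point where it says it does.
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if shown and site(shown.group(1)) != site(target.hostname or ""):
            findings.append(f"link text shows {shown.group(1)} but goes to {target.hostname}")
        if any(phrase in text.lower() for phrase in LURE_PHRASES):
            findings.append(f"lure wording '{text}': open the site directly instead of clicking")
    return findings


def triage(raw_message):
    """Return a list of findings for the message; an empty list means nothing tripped."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    return check_headers(msg) + check_links(html)


if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, triage(sample) or ["no findings"])
```

Run it as-is and the constructed lure produces six findings (mismatched Reply-To, failed SPF, missing DKIM, a plain-http link, lure wording, and a link whose text names one site while its href goes to another), while the benign notification produces none. The Authentication-Results check only means something when the header was written by your own mail server; a sender can include a forged one, so a production filter trusts only the instance stamped by its own MX.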
How can organisations mitigate phishing attacks?
- Conduct employee information security awareness training regularly. This training should cover phishing: how to spot it, what the reporting process is for suspected or successful phishing emails, and who should be contacted. To remain effective, the training should be interactive and include memorable, actionable tips.
- Phishing simulations should also be carried out quarterly, as best practice. A simulation attempts to trick employees into either clicking a link in the email body and entering their details on a credential-harvesting site, or opening an attachment. The results help organisations identify employees who need further training. It is important that organisations keep a positive approach and avoid a ‘name and shame’ culture, as that could discourage employees from reporting potentially successful incidents, for example having accidentally opened an attachment that contained malware. A delay in reporting means a delay in the timely detection and remediation of the incident.
- Technical controls that can be implemented:
- – Anti-virus to scan attachments.
- – A password manager, so that every site has a unique password. A credential entered on a harvesting site is then only one password to change rather than a reused one, many managers alert when a stored password turns up in a breach dump on the dark web, and a manager will not auto-fill credentials on a lookalike domain it has never seen.
- – An anti-phishing tool such as NoPhish for users to report suspected phishing emails.
NoPhish is a user-friendly way to defend against phishing emails in real time through a one-click reporting process. NoPhish is effectively a button that sits on your Outlook ribbon. If you receive an email that you are unsure about, or suspect is malicious, you click the NoPhish button at the top of the email. The reported email is removed from your inbox (‘quarantined’) and sent to the Smarttech247 security operations centre analysts for evaluation. If their investigation finds nothing malicious, the email is returned to your inbox. If it is found to be malicious, the email is destroyed and you receive a NoPhish email notification confirming that you successfully prevented a phishing attack and that the email has been deleted.
In a sense, this tool also provides positive reinforcement of an organisation’s phishing training. The easy reporting process helps to ensure that all potentially malicious emails are reported and analysed in a timely manner.
The consequences of a successful phishing attack range from further malware infection and ransomware to data breaches, when threat actors exfiltrate the sensitive data an organisation holds. Under the EU GDPR, a data breach can lead to fines of up to €20 million or 4% of the organisation’s global annual turnover, whichever is greater.
Author: Mae Patlong, Information Security Consultant, Smarttech247