Phishing Education: two case studies and tips

by | Nov 3, 2022 | Security, Web, Windows


Continuous phishing education matters to anyone who uses the Internet, which is pretty much everyone. A “successful” phishing campaign can lead to the loss of sensitive data, personal information being distributed, or extortion.

People know not to click on spam messages or suspicious texts, or to give away sensitive information like a social security number online.

However, phishing attacks are becoming more sophisticated and harder to catch. The better to trick you, my dear. Recently, a SpireTech VIPSupport client had a close call: the attacker was able to mimic the appearance and email address of one of our client’s official collaborators.

The only tell was a lowercase “L” instead of an uppercase “i”. So simple, and so hard to catch in the moment. Phishing attacks can fool experts too!

SpireTech has seen an increase in this type of “hidden” attack. Attackers may create an email address that has “billing@” in it, replace an O with a zero, an I with a lowercase L, an A with a 4, and make other small deviations from the original company’s design.

Security Vulnerabilities from Spoofed Names

Phishing protection can come with simple heightened vigilance.

In another hacking attempt, a user received an email that appeared to come from a trusted contact and used formatting that looked legitimate. The message included an attached PDF, which contained a link asking them to click for more information. When a user clicked this link, they were taken to a webpage with a normal-looking Microsoft login screen; however, the page URL was for a third-party site (e.g. thisisnotmicrosoft.com).

This kind of attack is meant to trick the user into entering their Microsoft credentials and then approving the MFA prompt that follows. If this strategy succeeds, the attacker is able to steal the valid login cookie and then use it to access the account without further prompts for authentication.

Another example from recent headlines: a hacker was able to obtain the password of an Uber employee, but was unable to log in until MFA was completed. The attacker then sent countless MFA login requests to the employee. Inundated with these notifications, the employee finally approved one, hoping to stop the noise. This “MFA fatigue” is just what the attacker wanted: to annoy someone into letting their guard down. The attacker gained access.
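The MFA-fatigue pattern described above is detectable on the defender's side: a burst of push prompts that the user denies or ignores, followed by a single approval. The script below is an added example, not code from SpireTech or from any identity provider. It runs over a constructed sign-in log (the format, field names, 10-minute window and threshold of four unanswered pushes are all assumptions) and raises two findings: a push flood, and an approval that follows a flood, which is the sign-in whose session should be revoked.

```python
"""MFA push-bombing detector over a constructed authentication log (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, loosely modelled on an identity provider's sign-in log.
# Fields: timestamp, user, event, result. None of these lines come from a real system.
SAMPLE_LOG = """\
2022-10-31T08:00:05Z alice@example.com mfa_push denied
2022-10-31T08:00:41Z alice@example.com mfa_push denied
2022-10-31T08:01:13Z alice@example.com mfa_push timeout
2022-10-31T08:01:50Z alice@example.com mfa_push denied
2022-10-31T08:02:22Z alice@example.com mfa_push denied
2022-10-31T08:02:58Z alice@example.com mfa_push approved
2022-10-31T08:10:00Z bob@example.com mfa_push approved
2022-10-31T09:15:00Z bob@example.com mfa_push denied
2022-10-31T09:45:00Z bob@example.com mfa_push approved
"""

WINDOW = timedelta(minutes=10)   # sliding window (assumption; tune to your environment)
THRESHOLD = 4                    # non-approved pushes inside WINDOW before alerting (assumption)


def parse_line(line):
    """Split one log line into (timestamp, user, event, result)."""
    ts, user, event, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, result


def detect_push_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return a list of alert dicts in log order.

    Alert types:
      'push_flood'           - `threshold` or more pushes not approved within `window`
      'approval_after_flood' - an approval while such a flood is still inside the window;
                               this is the outcome the attacker waits for, so the resulting
                               session is the one to revoke and investigate
    """
    recent = defaultdict(deque)  # user -> timestamps of denied/timed-out pushes in window
    flooded = set()              # users already alerted for the current flood
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, result = parse_line(line)
        if event != "mfa_push":
            continue
        q = recent[user]
        while q and ts - q[0] > window:   # drop pushes that fell out of the window
            q.popleft()
        if len(q) < threshold:
            flooded.discard(user)         # flood has subsided; allow a fresh alert later
        if result == "approved":
            if len(q) >= threshold:
                alerts.append({"user": user, "type": "approval_after_flood", "at": ts})
            q.clear()                     # an approval ends the current sequence
            flooded.discard(user)
            continue
        q.append(ts)
        if len(q) >= threshold and user not in flooded:
            flooded.add(user)
            alerts.append({"user": user, "type": "push_flood", "at": ts, "count": len(q)})
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

In the sample log, alice receives five prompts in under three minutes and approves the sixth, producing one `push_flood` and one `approval_after_flood` alert; bob's lone denial half an hour before his approval falls outside the window and is not flagged. The second alert type is the one worth paging on, because by then the attacker already holds a valid session.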

SpireTech’s Help Desk deals with multiple phishing attempts a day from our clients; it is extremely common! Here is a list of (nearly) every dirty trick in the book. Whether it’s a junk message or email phishing, we’ve got you covered. Beware these patterns found in phishing scams.

Common Tactics to Increase Phishing Awareness

  1. Changing a character in the web address or email address, or using a similar domain (e.g., the same domain ending in “.net” instead of “.com”) to resemble a legitimate company.
  2. Copying and changing the past emails in the thread, including those CC’d.
  3. Name spoofing, in which they mimic someone who might be within the legitimate company.
  4. “You’ve received a voicemail/fax/file/tracking for a package” with a link or audio file attached.
  5. A file could lead to a Microsoft (or other) login screen that looks official. The target enters their login information but cannot log in. They leave the page. Meanwhile, the attacker has recorded their username and password.
  6. An image of an invoice or other vital “notice.”
  7. Beware attachments in .html, .htm, .doc, .docx, .xls, .xlsx, and .pdf form.
  8. Imitating Microsoft with a dire message: your password is about to expire, or your inbox will be deleted. Microsoft will never send you an email about this. Don’t fall for it!
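The lookalike tricks in the first case study and in tactics 1 and 5 above (a zero for an O, a lowercase L for an I, a swapped domain ending, and a login page hosted on an unrelated domain) can be checked mechanically before a user ever has to eyeball them. The script below is an added example, not code from SpireTech; the trusted-domain list and the address and URL samples are constructed, and the "last two labels" view of a domain is a simplification that ignores multi-part suffixes such as co.uk. It classifies a sender address or a login-page URL against the domains the organisation actually expects.

```python
"""Lookalike-domain checks for sender addresses and login-page URLs (added example)."""
import re
from urllib.parse import urlparse

# Constructed allow-list: the real domains this organisation expects mail and
# sign-in pages to come from. Hypothetical values; a deployment would load them
# from configuration.
TRUSTED_DOMAINS = ("microsoft.com", "microsoftonline.com", "examplepartner.com")

# Character substitutions the post describes (zero for O, 1/l for I, 4 for A)
# plus a couple of other digits commonly swapped for letters.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "4": "a", "3": "e", "5": "s", "|": "l"})


def normalize(domain):
    """Fold a hostname so that homoglyph variants collide with the real spelling."""
    d = domain.strip().lower().rstrip(".").translate(_HOMOGLYPHS)
    # Uppercase I and lowercase l are the pair from the first case study; after
    # lower() the I is an i, so fold i onto l on both sides of every comparison.
    return d.replace("i", "l")


def registrable(domain):
    """Last two labels of a hostname (simplification: ignores suffixes such as co.uk)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Plain Levenshtein distance; inputs are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(hostname):
    """Return (verdict, matched_trusted_domain_or_None).

    Verdicts, in the order they are tested:
      'trusted'   - the host is a trusted domain or a subdomain of one
      'homoglyph' - equals a trusted domain once lookalike characters are folded
      'tld-swap'  - same name as a trusted domain with a different ending (.net for .com)
      'near-miss' - one character added, removed or changed relative to a trusted name
      'unknown'   - no relation to any trusted domain (e.g. thisisnotmicrosoft.com)
    Anything other than 'trusted' should block a login prompt or quarantine the mail.
    """
    host = hostname.strip().lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return "trusted", trusted
    reg = registrable(host)
    for trusted in TRUSTED_DOMAINS:
        if normalize(reg) == normalize(trusted):
            return "homoglyph", trusted
    name = reg.split(".")[0]
    for trusted in TRUSTED_DOMAINS:
        tname = trusted.split(".", 1)[0]
        if name == tname:
            return "tld-swap", trusted
        if edit_distance(name, tname) == 1:
            return "near-miss", trusted
    return "unknown", None


_EMAIL_DOMAIN = re.compile(r"@([A-Za-z0-9.-]+)>?\s*$")


def check_sender(address):
    """Classify the domain of a From: header such as 'Billing <billing@micr0soft.com>'."""
    m = _EMAIL_DOMAIN.search(address.strip())
    if not m:
        return "unknown", None
    return classify(m.group(1))


def check_login_url(url):
    """Classify the host of a link that lands on a sign-in page."""
    return classify(urlparse(url).hostname or "")


if __name__ == "__main__":
    # Constructed samples covering each verdict.
    for addr in ("Billing <billing@micr0soft.com>", "ap@exampIepartner.com",
                 "ap@examplepartner.net", "ap@exampleparter.com"):
        print(addr, "->", check_sender(addr))
    for url in ("https://login.microsoftonline.com/common/oauth2",
                "https://thisisnotmicrosoft.com/login"):
        print(url, "->", check_login_url(url))
```

Note that the page from the second case study, thisisnotmicrosoft.com, is not a lookalike at all and comes back as `unknown`; the useful rule for a login screen is therefore not "does this look like Microsoft" but "is this host on the list of domains where we actually sign in", which is why `classify` only ever returns `trusted` for an exact domain or subdomain match.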

What can you do right now, today? You could start filtering mail from unknown senders, going beyond your provider’s standard spam filter. Keep an Unknown Senders folder if you want the records. Stopping spam text messages can be as easy as tapping “block this caller.” Report spam texts as you see fit; reporting is the most effective response your messaging app offers.

The SpireTech Help Desk deals with five or six phishing attempts a day. They are much more common than most people think, and they become harder to spot every day. If someone isn’t watching for these phishing attempts, it would be incredibly easy for something to slip through. Be careful, be safe, and be suspicious.