Dark Reading is part of the Informa Tech Division of Informa PLC

Edge Articles

9/9/2019
08:30 AM
Joan Goodchild

Phishers' Latest Tricks for Reeling in New Victims

Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.

6. Hiding in Legitimate Apps
File-hosting and sharing websites, such as Dropbox or Google Docs, are among the newest attack vectors that Eric Brown, senior security analyst at LogRhythm, says he has seen. 

"The websites as a whole are legitimate, but attackers are starting to use them as avenues for hosting specific attacks," he says. "For example, an attacker will upload a file that includes a malicious URL that is difficult for the service to identify or block. Then the targeted recipients receive emails via the service's notification system, with links to the unsafe or malicious hosted file."

This kind of attack is stealthy because it is harder for an employee to recognize than a standard phishing email, Brown says. The notification email comes from a genuine service and email address, and the link to the hosted file is legitimate as well – the file really is hosted on the website the employee actually uses. It is only after the employee opens the document that he is exposed to the malicious content planted inside it.

Here is a screenshot of an original email. The email sender (dropboxmail.com) is legitimate and belongs to the Dropbox.com notification service. The only part that looks suspicious or out of place is the name of the person who shared this document: 'Michael Stoker' by itself is unremarkable, but it does not match, or even resemble, the associated email address, 'hroan@c0rus360.com.' (Image Source: LogRhythm)
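The tell in that screenshot is not the sender (the service's own address is genuine) but the mismatch between the sharer's display name and the sharer's email address. The following is an added example, not code from the article or from LogRhythm, that checks a file-share notification for exactly that mismatch and for a sharer domain outside a known-partner list; the notification text, the `no-reply@dropboxmail.com` address and the partner domains are constructed for illustration (only the domains dropboxmail.com and c0rus360.com come from the article).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample notification in the style described above. The sharer
# line and link are made up; do not treat them as a real indicator.
SAMPLE_NOTIFICATION = """\
From: Dropbox <no-reply@dropboxmail.com>
To: alice@example.org
Subject: Michael Stoker shared "Q3 invoice.pdf" with you

Michael Stoker (hroan@c0rus360.com) shared a file with you.
Open the file: https://www.dropbox.com/s/EXAMPLE-LINK-ID/Q3%20invoice.pdf
"""

# Domains this (hypothetical) organisation expects file shares from.
KNOWN_PARTNER_DOMAINS = {"example.org", "partner.example"}

# Matches the "Display Name (address) shared ..." line in the body.
SHARER_RE = re.compile(
    r"^(?P<name>[^\n(]+?)\s*\((?P<email>[^)\s]+@[^)\s]+)\)\s+shared", re.M
)


def name_matches_email(name, email):
    """True if at least one name token (3+ letters) appears in the local part."""
    local = re.sub(r"[^a-z0-9]", "", email.split("@", 1)[0].lower())
    tokens = [t for t in re.findall(r"[a-z]+", name.lower()) if len(t) >= 3]
    return any(t in local for t in tokens)


def assess_share_notification(raw, trusted_domains):
    """Return a list of findings for one notification; an empty list means nothing odd."""
    msg = message_from_string(raw)
    findings = []
    # The From: header is the service itself, so it carries no signal on its own;
    # the identity that matters is the sharer named in the body.
    _, service_sender = parseaddr(msg.get("From", ""))
    m = SHARER_RE.search(msg.get_payload())
    if not m:
        return ["sharer identity not found in notification body"]
    name, email = m.group("name").strip(), m.group("email").lower()
    if not name_matches_email(name, email):
        findings.append(f"display name '{name}' does not match sharer address {email}")
    domain = email.rsplit("@", 1)[1]
    if domain not in trusted_domains:
        findings.append(f"sharer domain {domain} is not a known partner domain")
    return findings
```

Run over a mail gateway's copy of share notifications, a non-empty result is a reason to hold the message for review rather than block it outright, since legitimate users do sometimes share from personal or unfamiliar accounts.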

7. Industry-Specific Hooks
Ranjeet Vidwans, co-founder of Clearedin, says his team is seeing a growing phishing risk within the real-estate industry.

"It's an industry where there are several third parties – insurers, agents, banks – that may be unfamiliar to the buyer," he says. "Sensitive information is often sent via email."

Vidwans predicts there will be more BEC-style phishing attacks, too.

"BEC attacks would mean a bad actor posing as, say, a closing agent, emailing their assistant to please shoot over some quick SSNs so that they can file this paperwork, and people will do it without thinking twice," he says.

8. New Topical Lures
Vidwans also notes that the age-old tactic of using what is hot or topical is new again, but the hook is different. For example, the possibility of a recession is now a ripe topic for phishers when looking for ways to lure victims.

"We expect to see damage from phishing activity rise significantly once the recession hits in full," he says. "There are a few reasons for that. Layoffs mean you have less staff doing the same work. So employees are moving at a fast pace and are less likely to catch suspicious spear-phishing attempts. Another reason is you have more phishers out there, looking to make money in an ailing economy. You also have more job search activity – and in a bad economy – people are much more open to opportunities than they otherwise may be."

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio