BOLO: New, Highly Sophisticated Phishing Attacks

Historically, “advanced” phishing schemes took advantage of commonly received emails, such as an Amazon invoice email, a Bank of America account alert, an Apple/iTunes order, and so on.  These emails looked convincing and were difficult to spot.

Recently, the bad guys have upped the ante with a new, very sophisticated method of phishing.  The process works like this:

  1. The attacker works to compromise an email account; could be anyone…could be you
  2. Once the account is compromised, they scan your Sent email looking for recent “active” correspondence
  3. They use that recent correspondence to send an email to all of the original recipients, impersonating you!
  4. In the email, they’ll include a malicious attachment or a link to a malicious website
  5. They’ll surround the attachment or link with information that makes it appear as though you are sending this email

Part of the challenge with this type of attack is that, if no one alerts the victim that their email has been compromised, the victim has no idea they’re being impersonated.  But the real and obvious danger is to the recipients.  The malicious phishing emails are being sent as responses to real correspondence.  They could include a legitimate subject, an actual signature with a corporate logo, familiar names and nicknames, and so on.  Some of these emails have been seen in threads containing legitimate requests for documents, which were answered with a “document” that was, unfortunately, malicious.
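
For IT staff, one way to catch this pattern from the compromised mailbox's side is to look for the same attachment or link suddenly appearing in replies to several unrelated threads within minutes. This is an added example, not part of the original post; the record layout, fingerprint values, 30-minute window and three-thread threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of one mailbox's outbound mail (not real data). Field layout is
# an assumption: (sent time, thread id, recipients, payload fingerprint), where the
# fingerprint is an attachment hash or link host, or None for a plain-text message.
SENT = [
    ("2024-05-06T09:02", "budget", ["ann@example.com"], "fp-report"),
    ("2024-05-06T16:40", "budget", ["ann@example.com"], "fp-report"),
    ("2024-05-07T10:15", "hiring", ["bob@example.com"], None),
    ("2024-05-08T02:11", "budget", ["ann@example.com"], "fp-unknown"),
    ("2024-05-08T02:12", "hiring", ["bob@example.com", "cy@example.com"], "fp-unknown"),
    ("2024-05-08T02:14", "lease", ["dee@example.com"], "fp-unknown"),
    ("2024-05-09T11:00", "lease", ["dee@example.com"], "fp-policy"),
    ("2024-05-12T11:00", "hiring", ["bob@example.com"], "fp-policy"),
]

def flag_hijack_bursts(sent, window=timedelta(minutes=30), min_threads=3):
    """Flag payloads replied into >= min_threads distinct threads inside one window."""
    by_payload = defaultdict(list)
    for ts, thread, recipients, payload in sent:
        if payload is not None:
            by_payload[payload].append((datetime.fromisoformat(ts), thread, recipients))
    alerts = {}
    for payload, msgs in by_payload.items():
        msgs.sort(key=lambda m: m[0])
        for i, (start, _, _) in enumerate(msgs):
            # Messages carrying this payload that fall inside the window opened at msgs[i].
            burst = [m for m in msgs[i:] if m[0] - start <= window]
            threads = {m[1] for m in burst}
            if len(threads) >= min_threads:
                # Everyone who received the payload needs a warning call.
                alerts[payload] = {
                    "threads": sorted(threads),
                    "notify": sorted({r for m in burst for r in m[2]}),
                }
                break
    return alerts

if __name__ == "__main__":
    for payload, hit in flag_hijack_bursts(SENT).items():
        print(payload, hit["threads"], hit["notify"])
```

The "notify" list is the set of recipients to phone first, since they are the ones holding the malicious reply.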

What you should do:

  • If you receive an email that looks suspicious, call the sender and ask them if they sent the email
  • If someone calls you about receiving a suspicious email from you, notify your IT staff or company and immediately change your password
  • As always, if something doesn’t feel right, don’t click on it or open it
  • If you do open an attachment or click on a link, and something doesn’t look right, shut down your computer and contact your IT staff or company.  Do not forward the attachment to other people in your organization.

If you need help securing your email system, please don’t hesitate to give us a call.  If you have opened an attachment and are dealing with an outbreak, please call us right away.  We have a plan and know what to do.