Information scam
The next example highlights an attempted information phishing scam where
Figure 2: An example email attack.
November 2018 Computer Fraud & Security
FEATURE
Malware distribution
Another common problem users face from phishing is the distribution of malware. The goal of these messages is to trick a user into either opening an attachment (like the example in Figure 4) or clicking on a URL.
As you can see with this example, the criminals are trying to convince the user to open an attachment by acting as if the document pertains to an urgent matter. In order for the malware to work, criminals have to get the user to run the software on their computer; in practice that often means nothing more than opening the attachment, since, as the tips box notes, simply opening a single file can be enough to infect the machine. Malware comes in many forms, including viruses, worms, bots, ransomware, password stealers and more.
Figure 4: Here the attacker is trying to persuade the recipient into opening the attachment.
Disguised links
Not all threats come in the form of email attachments, which is why links should be handled with just as much scrutiny. Figure 6 shows exactly why.
The link text itself doesn't look suspicious; however, the link actually points to an entirely different URL (as shown at the bottom of the image). Links like this are not only used to spread malware, they can also direct users to sites set up by criminals in order to capture credentials or other personal information. When unsure, it's best not to click on a link. You can hover the cursor over the link without clicking to identify the actual location of a link: the mail client shows the real destination rather than the displayed text. Bear in mind that this hover preview is not available in every client, particularly on mobile devices.

Spear-phishing
While phishing refers to mass targeting, spear-phishing messages are specifically crafted to target a single, specific individual in order to create a sense of trust with that person. Spear-phishing attempts regularly use impersonation techniques to convince recipients that the message is coming from a real source.
Effective spear-phishing takes a great deal of reconnaissance about the target in order to increase the probability of the user actually falling for the attack. Figure 7 shows an example where the criminals actually took the time to register a deceptive domain that contains the name of an actual entity in order to appear legitimate. They obviously want the message to appear as if it is coming from Netflix; however, if you look closely at the URL you'll notice that 'Netfliix' is misspelled. This technique is called typosquatting, and it is often used to sell the ruse when the attacker wants the user to click a link.
Figure 7: Criminals often register look-alike domains in order to appear legitimate.
Figure 8: Here the criminals pretend that they are an internal employee who needs to send an urgent wire transfer.
Figure 9: This email attack tries to persuade the recipient to click on a well disguised link.
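The two checks the previous sections describe by hand (does the visible link text point where the href really goes, and is the destination host a look-alike of a real brand such as 'Netfliix' for Netflix) can be automated over an email body. The following Python is an added example written for this article, not code from the original piece or from Barracuda. It assumes a protected-brand list, a constructed sample email, and a simplified "registrable domain" rule (last two labels, with no public suffix list), all of which are assumptions for the demo; it goes slightly beyond the article's single case by also catching a brand name embedded in an unrelated domain, not only a misspelling.

```python
# Added example (not from the article or Barracuda): flag anchors whose visible
# text points somewhere other than the real href, and hrefs whose host imitates
# a protected brand (a typosquat such as 'netfliix.com', or a brand name embedded
# in an unrelated domain). Brand list, sample email and the two-label
# "registrable domain" rule are constructed assumptions for this demo.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of brands the organisation wants to protect.
PROTECTED_DOMAINS = ["netflix.com", "paypal.com", "microsoft.com"]


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.links


def host_of(value):
    """Hostname of a URL, or of bare link text such as 'www.netflix.com/account'."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def registrable_domain(host):
    """Last two labels of the host (simplification: no public suffix list)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def looks_like_url(text):
    """True when the visible anchor text itself reads as an address."""
    t = text.strip()
    return " " not in t and ("://" in t or t.lower().startswith("www."))


def levenshtein(a, b):
    """Edit distance; a small value between a host label and a brand is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, protected=PROTECTED_DOMAINS, max_distance=2):
    """Return the protected domain `host` imitates, or None if genuine/unrelated.
    Signals: the brand name sits inside a domain that is not the brand's own
    (secure-netflix-billing.example.net), or the second-level label is within
    `max_distance` edits of the brand name (netfliix.com)."""
    host = host.lower()
    domain = registrable_domain(host)
    if domain in protected:
        return None
    label = domain.split(".")[0]
    for brand in protected:
        name = brand.split(".")[0]
        if name in host or levenshtein(label, name) <= max_distance:
            return brand
    return None


def check_links(html):
    """Run both checks over every anchor; one finding per suspicious link."""
    findings = []
    for href, text in extract_links(html):
        href_host = host_of(href)
        reasons = []
        if looks_like_url(text) and registrable_domain(host_of(text)) != registrable_domain(href_host):
            reasons.append("display text points elsewhere")
        brand = lookalike_of(href_host)
        if brand:
            reasons.append("look-alike of " + brand)
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample email body for the demo.
SAMPLE_EMAIL = """
<p>Your account has been suspended. Verify your billing details at
<a href="http://netfliix.com/verify">https://www.netflix.com/account</a>.</p>
<p>Questions? Visit the <a href="https://help.netflix.com/en">help centre</a>.</p>
<p>Invoice: <a href="http://secure-netflix-billing.example.net/inv">secure link</a></p>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL):
        print(finding)
```

On the sample body the first anchor is flagged twice (its text names netflix.com while the href goes to netfliix.com, which is one edit away from the brand), the genuine help.netflix.com link is left alone, and the third is flagged only because the brand name is buried in an unrelated domain. The edit-distance threshold is deliberately low: short brand names produce false positives quickly if it is raised, so tune it per brand rather than globally.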
Wire transfer
Research that analysed 3,000 business email compromise (BEC) attacks showed that 47% of the attacks had a main objective of getting the recipient to carry out a wire transfer.4 About 40% of attacks ask the recipient to click on a link, as you can see in Figure 8, and 12% of attacks try to establish rapport with the target by starting a conversation with the recipient (e.g. the attacker will ask the recipient whether they are available for an urgent task). With these rapport emails, in the vast majority of cases, once the initial email has been responded to the attacker will ask the victim to carry out a wire transfer.
However, an important observation is that about 60% of BEC attacks do not involve a link: the attack is simply a plain-text email intended to fool the recipient into committing a wire transfer or sending sensitive information. These plain-text emails are especially difficult for existing email security systems, because they are often sent from legitimate email accounts, tailored to each recipient and do not contain any suspicious links.
Figure 10: This email attack starts subtly, with the attackers building up a rapport with the respondent before revealing their true intentions.
All of these examples are just a small sample of the many variations of the scams that criminals are sending out each day, but they certainly make the case for why today's users need to be properly trained in order to stay safe online.

Beating the bad guys
The best defence against phishing and spear-phishing is to make users aware of the threats and techniques used by criminals. A few tips are included (see box) based on the examples above; however, the best approach would be for organisations to implement a simulation and training programme to improve security awareness for their users.
Employees should be regularly trained and tested to increase their security awareness of various targeted attacks. Simulated attack training is by far the most effective form of training, as it helps humans recognise the subtle clues that identify phishing attempts and gives employees a baseline understanding of the latest techniques that attackers are using.

Anti-phishing tips
Here are a few quick tips to help avoid phishing scams:
• Wire transfers should never go out without an in-person conversation or phone call. Use additional care with phone calls if the only contact information is included in the potentially fraudulent email.
• Don't click on attachments or URLs from unknown sources. Sometimes even sources that you think are safe could have been impersonated by criminals. If there's ever a question of legitimacy, you can always go to the site directly in your browser.
• Attachments and emails with attachments should always be treated with care, because with much of the malware being distributed today simply opening a single file can result in your computer being infected almost instantly. Attachments may provide some indicators.
• Many information scams claim that an email login is required to access some resource or document. A good practice is to never enter login credentials on a page that was reached via an email link, regardless of whether or not the email was legitimate. Instead, go to the site directly in your browser to log in.
• Money scams are notorious for displaying poor grammar, and in many cases the language used could appear to be coming from someone who may be writing English as a second language. Just remember, if something sounds too good to be true – it probably is.

About the author
Chris Ross is SVP international for Barracuda Networks. He has extensive international experience as a general manager and VP of sales for both leading industry names and emerging technology companies. He currently manages Barracuda Networks' business across Europe, Middle East, Africa, Asia Pacific and Japan. Ross joined Barracuda in April 2015. Before that, he served as vice-president worldwide sales of Arcserve, a storage software company, responsible for sales and marketing.

References
1. Ross, Chris. 'Could complacency be setting in when it comes to ransomware?'. Barracuda Networks, 25 Jul 2018. Accessed Oct 2018. https://blog.barracuda.com/2018/07/25/could-complacency-be-setting-in-when-it-comes-to-ransomware/.
2. Ross, Chris. 'Weighing up the email security threat in EMEA'. Barracuda Networks, 11 Jun 2018. Accessed Oct 2018. https://blog.barracuda.com/2018/06/11/weighing-up-the-email-security-threat-in-emea/.
3. '2018 Data breach investigations report'. Verizon, 10 Apr 2018. Accessed Oct 2018. www.verizonenterprise.com/verizon-insights-lab/dbir/.
4. Cidon, Asaf. 'Threat Spotlight: Barracuda Study of 3,000 Attacks Reveals BEC Targets Different Departments'. Barracuda Networks, 20 Aug 2018. Accessed Oct 2018. https://blog.barracuda.com/2018/08/30/threat-spotlight-barracuda-study-of-3000-attacks-reveals-bec-targets-different-departments/.