Hackers are always looking for ways to make their phishing attacks more effective. After all, phishing scams are big business. The last thing a hacker wants to do is go through all the trouble of social engineering, putting up a fake website and crafting a clever phishing email, only to send that email to a dead account, one without a live person on the other end opening the email.
So, what have hackers started to do to make sure they don’t waste their time? The same thing the military does to size up a target before launching an attack: reconnaissance.
Word comes now from the Lawyers’ Insurance Association of Nova Scotia that hackers have started sending out “probe” emails to targeted accounts to make sure there’s a live person on the other end before launching an attack. According to the association, they “have recently seen an increase in reports of probe email scams being received by lawyers. Probes are a series of test messages sent by spammers/scammers to determine if there’s a live person at the other end opening the email.”
“The emails will often feature logos or other legitimate information in order to appear to be an authentic communication. The goal is to have the recipient respond to the email, then begin an attempt to either phish for banking information or other sensitive personal data, or provide links or attachments that, when opened, would infect the user’s computer system with viruses, and in some cases remotely commandeer the victim’s computer.” In other words, reconnaissance.
By now, most people, especially lawyers, know to be on the lookout for phishing emails. But do they know to be on the lookout for “probe” emails? Some of the telltale signs of phishing emails, such as malicious links, may not be present in probe emails. As a result, a lot of employee awareness training may not be effective in identifying them. It’s even possible that phishing prevention software may not completely eradicate these probe emails.
So, what should you do to protect yourself from these probe emails? Two things.
The first is to use common sense: don’t respond to emails you aren’t expecting. If you think an email might be legitimate, contact the sender by some means other than email. And if you don’t have another method of contacting them, that’s a clue the email may be bogus.
The second thing you should do is assume you’re going to fall for the probe email scam and deploy phishing protection software for the inevitable phishing attack that is sure to follow. With or without probe emails, there’s no reason not to take advantage of affordable technology to protect yourself from phishing attacks.
Cloud-based phishing protection software like that from DuoCircle requires no hardware, software or maintenance. It sets up in 10 minutes, comes with 24/7 live technical support and costs only pennies per user per month.
With or without reconnaissance emails, phishing attacks are not going away. Do the right thing and keep yourself and your employees safe with Phishing Protection from DuoCircle.com.