I hope to never receive an email from the United States Supreme Court. It couldn’t possibly be good news. I would be very suspicious. But there is one small group of people who, if they received such an email, might not be suspicious: C-suite executives. And that’s exactly what some hackers thought as they targeted such individuals with a zero-day credential phishing attack impersonating the Supreme Court.
According to an article in SC Magazine, “Users received an email with a subject header that read ‘This email is a writ issued by the Supreme Court’, to compel you to attend the below hearing. The attackers were mainly trying to use fraudulent emails to steal credentials so they could launch other, more destructive attacks.”
The secret to making this attack successful was ensuring it was a zero-day attack. In other words, it used phishing pages which were brand new and hadn’t shown up in some of the blacklists yet. Creating a new domain also allowed the emails to slip by Microsoft filters. From the article, “This attack in the United States has been tougher to detect than other such cases around the world because it avoids known malware and instead opts for a zero-day credential phishing page.”
The hackers weren’t satisfied with simply creating a new phishing page, though. They employed a series of techniques to avoid detection and to increase the appearance of legitimacy. According to HackRead, “the emails themselves contain a ‘zero-day link’ that redirects the user through a series of steps in a bid to increase the apparent legitimacy of the message. This first involves going through a typical captcha. The inclusion of CAPTCHA also makes it harder for security technologies relying just on URL redirection abilities to follow the URL to its final destination.”
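To make the blacklist gap concrete, here is an added example (not from the article or from any vendor's product) that compares a blocklist-only check with a domain-age check on the link exactly as it appears in the email, without following it, so a CAPTCHA in the redirect chain does not matter. The domains, registration dates, the 30-day threshold and the function names are all constructed assumptions; a real deployment would query WHOIS/RDAP and use the Public Suffix List.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed sample data: none of these values come from the article.
BLOCKLIST = {"old-phish.example"}  # domains already reported as phishing
REGISTERED = {                     # stand-in for a WHOIS/RDAP creation-date lookup
    "old-phish.example": date(2019, 3, 1),
    "court-hearing-notice.example": date(2021, 6, 1),
    "intranet.example": date(2012, 5, 9),
}
MAX_AGE_DAYS = 30  # assumed cut-off for "newly registered"


def link_domain(url):
    """Return the registrable domain of a link as written in the email body.

    Naive rule (last two labels) that is good enough for the sample data;
    production code should consult the Public Suffix List.
    """
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def blocklist_only(url):
    """What a filter that relies purely on known-bad lists decides."""
    return "block" if link_domain(url) in BLOCKLIST else "deliver"


def verdict(url, today):
    """Blocklist first, then hold anything on a very young or unknown domain."""
    domain = link_domain(url)
    if domain in BLOCKLIST:
        return "block: listed"
    created = REGISTERED.get(domain)
    if created is None:
        return "hold: registration date unknown"
    age = (today - created).days
    if age < MAX_AGE_DAYS:
        return f"hold: domain is {age} days old"
    return "deliver"


if __name__ == "__main__":
    today = date(2021, 6, 4)  # constructed "now"
    for url in (
        "http://old-phish.example/login",
        "https://login.court-hearing-notice.example/captcha?id=1",
        "https://intranet.example/wiki",
    ):
        print(f"{url}\n  blocklist only: {blocklist_only(url)}"
              f"\n  with age check: {verdict(url, today)}")
```

The second URL is the interesting case: the blocklist-only filter delivers it because nobody has reported the domain yet, while the age check holds it for review.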
So, how should you protect yourself from these clever, zero-day phishing attacks? First, you need to be vigilant. You should be permanently suspicious of any email you weren’t expecting. Second, you should deploy real-time phishing protection software like that available from DuoCircle.
Phishing Protection from DuoCircle is real-time. That means one second after the first phishing email is discovered, you’re protected. There’s no waiting 24 hours to check an updated blacklist. And Phishing Protection is fast to deploy and incredibly affordable—only pennies per user per month.
Even if you don’t inhabit the C-suite, you and everyone in your company should be protected from the next zero-day phishing attack by deploying Phishing Protection from DuoCircle. You can try it free for 60 days.