One of our vendors just alerted us to this Phishing scam that they have seen over the past few months. One of their customers has been hit with increasing frequency with an attack that follows this 5-step pattern;
- A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
- They start by changing the password, so that the victim no longer has control.
- They then comb through past email correspondence and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.
- Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice # for that individual.
- The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice # for that individual.
Because these emails are coming from a real email account for a real business partner, they are very hard to identify, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”
The bottom line is on preventing this type of attack is to ask yourself – Is there a reason that this message has an attachment? Even though I trust the sender, does it seem out of place to get an attachment from them or a request to open an attachment?
Keep up your guard and your awareness and if you would like Phishing Protection for your company we would be happy to help.