We have been alerted of a really complex phishing scenario that is becoming increasingly frequent, and could easily affect any organisation. Often, this scenario follows this five step sequence:
- A known supplier or customer falls victim to a phishing attack. Their email credentials are compromised, and the cyber-criminal gains access to their email account.
- The cyber-criminal starts by changing the password, so that the victim no longer has control.
- They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legitimate correspondence they have had with your company in the past.
- Depending on the cyber-criminal’s dedication to his craft, these could be fairly generic, or extremely specific. Some have been known to include an inquiry that referenced a specific real invoice to the recipient.
- The email can include a spreadsheet or PDF, with a generic or very specific name.
As these emails appear to be coming from a known business partner and email address they can be extremely difficult to identify. Sometimes these emails can be spotted by incorrect grammar and spelling, but others are indistinguishable from real emails.
These types of cyber-attacks can be very dangerous and frustrating, with most users being unable to identify bogus emails even when they have received training on what to look out for. Our main advice in the case of this scenario would be, if you have not requested the document attachment it would be wise to double check whether it is legitimate by using another channel such as a phone call, especially before making a payment.
There are also tools such as Mimecast that can help to add an extra layer of protection to your emails, but these sophisticated attacks may still be able to penetrate the protection of these tools.
It is important to continually improve and reinforce the cyber security culture in your organisation due to the ever changing threat landscape. If you are concerned about cyber security in general, or any specific type of threat, simply contact our team who would be more than happy to discuss your concerns, requirements and potential solutions.
