Anatomy of a Phishing Attack - Part 1
Ahmed Sharaf Cybersecurity Automation
SOAR / SIEM / XDR / ZTNA / IAM
Phishing, with a “ph” rather than the fishing most people picture, remains one of the most popular methods for an attacker to gain access to your system or device and initiate an attack. In the era of bring your own device (BYOD) this can be very hazardous to corporations and businesses in general, and it is the most likely trigger for a horizontal (lateral) attack originating from your device. In other words, an attacker can take control of your personal device and use it as a platform to attack your employer. Let’s begin by defining “phishing”.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords, credit card numbers and other private data.
An email crossed the wire not too long ago that is the catalyst for this post, so we will explore some of the methods for identifying a phishing attack and what we can do to protect ourselves and our employers. The very first line of defense is our people, their knowledge and their awareness. If an email originates from a sender unfamiliar to you, the best defense is to stop and think before you click on anything, and to review it in more depth. After I gave the following communication a quick read, it reminded me of the Nigerian Prince scam. No, a Nigerian prince does not want to give you money. This is an example of the Nigerian letter scam, and it comes in many forms. The Nigerian letter or email scam is very common: it typically requires the victim to send money to the scammer, who promises in turn to repay them several times over.
The Opening:
The first and most notable observation is the subject line; in my scenario, “Official From Bank of America Corporate Office”. Most financial institutions do not send out general email stamped as official communication unless the customer is in direct contact with the institution and is expecting such a communication for a specific reason. In my case, I do not bank with Bank of America, which was the first red flag and made the email easier for me to identify. Remember to stop and think: if it sounds too good to be true, it usually is.
The next notable observation is who sent the communication and to whom it was sent. In the example, I do not know or recall ever being in touch with Ms. Blake; on its own that may not be enough to go on, but when we review whom it was sent to, the communication went to a blind distribution list. If we stop and ask ourselves why an official communication would be sent to a distribution list, that alone may be enough to raise our suspicion. The next observation is the opening itself, which prompted me to research whether the address given actually is Bank of America’s corporate office, and in fact it is.
A quick Google search confirmed the address, but I have never seen an “official communication” start this way, which led me to believe the senders were trying too hard to make the communication appear official. The final and most notable observation in the opening is whom it is addressed to. If I had a relationship with Bank of America and this were an official communication, why was it not addressed to me directly? Financial institutions are not in the business of sending blanket emails to a distribution list, not addressed to a specific person, requesting money.
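The four observations above (an unfamiliar sender, a blind distribution list instead of your own address, an “Official” subject invoking an institution whose mail domain the sender does not belong to, and no salutation by name) can be expressed as simple header and body checks. The script below is an added illustration written for this post, not code from the original article; the two sample messages, the addresses (reserved `.example` domains), the contact list and the institution-to-domain mapping are all constructed. Each check is taken from the post's own checklist rather than from any mail filter product.

```python
"""Header/greeting heuristics for the red flags described in the post.

Added illustration, not code from the original post. The sample messages,
addresses and institution-to-domain mapping are constructed; the
'.example' domains are reserved names, not real mail domains.
"""
import email
from email import policy

# Constructed sample modelled on the message described in the post:
# unfamiliar sender, "Official" subject, blind distribution list, generic salutation.
SUSPICIOUS_EMAIL = """\
From: "Ms. Blake" <blake@freemail.example>
To: undisclosed-recipients:;
Subject: Official From Bank of America Corporate Office
Content-Type: text/plain; charset="utf-8"

Dear Customer,

Bank of America Corporate Office
[corporate office postal address]

We have been trying to reach you regarding funds held in your name.
"""

# Constructed counter-example: a message from a known contact, addressed
# to the reader by name and by mailbox, that passes every check.
EXPECTED_EMAIL = """\
From: "Pat Advisor" <pat.advisor@bank.example>
To: Alex Reader <alex@reader.example>
Subject: Your statement for March is ready
Content-Type: text/plain; charset="utf-8"

Hello Alex,

Your March statement is available in online banking.
"""

# Constructed lookup: institution name as it appears in a subject line, mapped
# to the mail domains that institution genuinely sends from (placeholder value).
INSTITUTION_DOMAINS = {
    "bank of america": {"bankofamerica-placeholder.example"},
}


def phishing_indicators(raw_message, my_address, my_name, known_senders,
                        institution_domains=INSTITUTION_DOMAINS):
    """Return a list of human-readable red flags found in raw_message.

    An empty list means none of the post's four checks fired; it does not
    prove the message is safe.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    # Check 1: unfamiliar sender (the post's "stop and think" trigger).
    from_header = msg["From"]
    sender = (from_header.addresses[0].addr_spec.lower()
              if from_header and from_header.addresses else "")
    if sender not in {s.lower() for s in known_senders}:
        flags.append(f"sender {sender or '<missing>'} is not a known contact")

    # Check 2: not sent to my mailbox directly (blind / undisclosed recipient list).
    to_header = msg["To"]
    recipients = {a.addr_spec.lower() for a in to_header.addresses} if to_header else set()
    if my_address.lower() not in recipients:
        flags.append("message is not addressed to my mailbox (blind or undisclosed recipient list)")

    # Check 3: subject invokes an institution the sending domain does not belong to.
    subject = str(msg["Subject"] or "").lower()
    sender_domain = sender.rpartition("@")[2]
    for institution, domains in institution_domains.items():
        if institution in subject and sender_domain not in domains:
            flags.append(f"subject names {institution!r} but sender domain is {sender_domain!r}")

    # Check 4: generic salutation instead of my name.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    salutation = next((line for line in text.splitlines() if line.strip()), "")
    if my_name.lower() not in salutation.lower():
        flags.append(f"salutation {salutation.strip()!r} does not use my name")

    return flags


def analyze_samples():
    """Run both constructed samples through the checks from Alex's mailbox."""
    me, name, contacts = "alex@reader.example", "Alex", {"pat.advisor@bank.example"}
    return {
        "suspicious": phishing_indicators(SUSPICIOUS_EMAIL, me, name, contacts),
        "expected": phishing_indicators(EXPECTED_EMAIL, me, name, contacts),
    }


if __name__ == "__main__":
    for label, flags in analyze_samples().items():
        print(f"{label}: {len(flags)} red flag(s)")
        for flag in flags:
            print("  -", flag)
```

The constructed suspicious message trips all four checks, while the expected statement notice trips none. The checks are deliberately coarse: a legitimate newsletter will also fail the "addressed to me" and salutation tests, so the output is a prompt to look more closely, not a verdict.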
At this juncture we likely have enough data to conclude that this is a phishing attack; you could delete the communication, empty your deleted items folder and move on with your day! Please review my next post, where we continue the analysis of this example to further enhance your personal protection.
#ToYourSuccess @TiotBiz