Anatomy of a Phishing Attack - Part 2
Part 2 of 4

Last week we defined "phishing" as the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords, credit card numbers and other private data.

We analyzed the opening of the email, including the subject line, the sender, the recipient and the greeting salutation, all of which led us to conclude that it came from a nefarious source and to deem the communication an attack. Today we will investigate the first paragraph so that we raise our awareness of such fraudulent messages and protect ourselves and our employers. Please review the following statement:

  1. Repeating Bank of America’s address and correlating data attempts to reinforce that this is an “official communication”.
  2. Incorporating a date into a communication establishes a marker which, depending on your perspective, could induce urgency on your part.
  3. The mention of the U.S. Treasury and JP Morgan Chase, and likely the correct headquarters address. I did not verify it, but I am confident that had I researched the address, it would likely be accurate.
  4. The mention of Africa and payment obligations, and the correlation with “my funds” totaling $850,000.

Analysis:

  • They are trying too hard, mixing bad information with accurate information in order to confuse end users and cover their tracks.
  • The mention of the U.S. Treasury, JP Morgan Chase and a dollar amount that is “your funds” attempts to induce anxiety, or at least the question some may ask of whether they actually have such funds. Chances are that if you are not aware you have such capital at stake, it is not a real “Official Communication”.
  • The mention of Africa and payment obligation – I’ve never banked with anyone in Africa and I am not expecting any transactions from anyone in Africa. The attempt to set an end date is to raise the urgency if someone actually believes they have $850K at stake.
  • This is where the scam part comes into play: there are those who are not owed such monies but will actually attempt to receive such a capital distribution, at their own peril.

Why is this important?

The sender, although likely having no prior relationship with the receiver, is attempting to build a rapport of trust and diligence in order to stage the setup. It is likely that most Internet users will never see this communication if the appropriate measures are in place, although there are almost always a few that get through the filters and threat analytics.

The bad guys only have to get it right once in order to present a "real danger", while the good guys must be correct each and every time to defend the majority. Security is a shared responsibility, and we rely on every user to maintain an awareness of current conditions to protect themselves, their family and potentially our places of work, given that you are empowered to Bring Your Own Device (BYOD) to your place of employment.

Among the worst actions a user can take is to bring a device and give it access to employer resources without the appropriate approval from IT and IT administrators. The largest corporations likely have Network Access Control (NAC) in place to prevent unsanctioned devices from gaining unauthorized access, although this is not always the case. Small businesses are particularly vulnerable, as they typically rely on a third party to help manage IT resources and at times may be completely unaware of the need to implement such measures.

If you receive such a communication and you are unsure of its authenticity: stop, think and phone a friend. We all know someone in IT who has assisted us at one time or another. You are always welcome to add to this post and we will do our very best to assist you.

#ToYourSuccess @TiotBiz

Thank you for the support, Team! According to the latest Intel Security Threat Research provided by Robert W. Gresham, Jr. at @foundstone: Strategic – Opportunity / Vulnerability ? 13% - Exploited User ? 23% - Malicious Files ? 43% - Email/Website Malicious content Equals 79% Risk from Phishing!!!

More articles by Ahmed Sharaf Cybersecurity Automation