Phishing: Recent Examples of Prevented Attacks

In Cyber Alert by Michael Kierman

Phishing, is the fraudulent practice of sending emails claiming to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers. Phishing may be one of the easiest cyber-attacks to fall for in a world where business communication is conducted in a large portion through email. The classic “This email is from Microsoft and you may have been infected with a virus. Let us remote into your machine to fix it”. Although it may seem obvious here, sometimes the fabrication of these attacks is very detailed and can seem legitimate. Here at Avatar, we do not take this lightly. This attack can come in many different forms. It can come from someone pretending to be from a familiar company, someone you may know or even just a phone call.

The one key feature we use to recognize a scam is that they always need credentials or need access to something that the user has. If you cannot identify the person, do not give out any information. If they try to speed things up, hang up the phone or do not respond. For email, make sure you check to see if it came from a legitimate email. If it did and still doesn’t seem right, contact the person who sent it to you (If you in fact know them). If they are a big tech firm such as Microsoft and you can’t establish the legitimacy of the call, hang up and call back their support. Anything that gives you a bad hunch, follow that hunch.

Working for an IT company, we see scams like these all the time. Recently, we had a customer fall for a phishing attack through an email which then distributed the same email to all her contacts which used her email and password that she gave them on accident. This then leads to others, spreading it and so on. Here is an example, this email came from a known client and was sent to us:

phishing attack

After clicking in the attachment, here is what comes up:

phishing attack

Above, you can see that the PDF document has a link to follow to review the document the user appeared to have sent. When clicked on, your computer even prompts a security warning. Although this might not appear every time, this is a clear indication it is not a good idea.

Below, displays the security warning I received when clicking the link. As you can see, the link tries to connect to a website. I did not go any further. The user was prompted for her email and password.

Once the user supplied her email and password, the phishing attack logged her credentials and started to send out the same email she fell victim to. This ends up turning into a domino effect, where it keeps going even if just one user falls victim. Here at Avatar, we have a few techniques to stop these types of emails from coming in. One of them, we offer a mail filter to block any junk mail from coming in. This mail filter reviews each email and decides if it is junk or has any malicious content. If the filter is unsure, it releases a digest report each day or each week (depending on the user’s preference) so that the user can see if it blocked anything legitimate. Another useful tool we use is user training. One of the biggest defenses an IT company can make, is educating the basic users on the do’s and don’ts. Avatar has setup training conferences to spread knowledge on the basics of IT security, such as suspicious email. We take every measure we can to protect your company!

 By: Shane P. Hartigan