Yuen Pin Yeap, CEO at NeuShield
Holiday 2020 Phishing Emails
Have you ever wondered how ransomware gets into a corporation? Email is still the number one way that ransomware spreads. With the holiday season upon us, it is important to educate and train your employees to be extra vigilant when opening and responding to email.
Email threats are especially active this time of year. People spend extra time online shopping and preparing for the holidays, which makes it easier for criminals to slip in using holiday-themed specials.
The following examples are common types of phishing emails you should watch out for:
- Holiday Promotions and Specials: Fake email flyers that advertise great deals from well-known companies.
- Invoices and Order Confirmations: Phony invoices or confirmations of orders placed online. Some may give you the impression that someone else has been making unauthorized purchases using your account.
- Shipping Notices: A fraudulent notification that a package is coming, or a delivery exception has occurred, making the user believe this is a package they previously ordered.
- Security Alert: A false warning about some issue with one of your accounts. These alerts could be notifying you that your account is going to be deleted or that a security breach has happened.
- COVID19 Stimulus Check: An email that pretends to help the user get their stimulus check faster, or offers to do the paperwork required to get the payment.
- Tax Collection Agency: As suggested by the email source, this type of attack focuses on tax-related matters. It can inform you about a made-up issue with your tax filing, or about an account that needs to be updated. It may also include a phony tax “form” as an attachment and urge you to open it.
A cyber crook may initially use an email to get your attention and entice you to act quickly. However, there are several methods they can use in these emails to gain access to your computer:
Attachments are commonly used to distribute ransomware. The payload can be hidden in common file formats such as Adobe (PDF), Office (DOC/XLS/PPT), ZIP archive (ZIP/7z/RAR), Command Script (BAT/CMD), HTML, etc. The email body is worded to entice the user to open the attachment. Upon opening, the ransomware installs itself on the computer. It may also spread laterally and infect machines it can connect to. Some ransomware attacks immediately, while others may lie dormant for days or weeks before encrypting all your data.
Attack from the Cloud:
Malicious links may be embedded directly in the email body. Clicking the link may download the malware and infect your computer, or the link can lead to a fake website purporting to be your Office 365 account or your company’s login page, duping the recipient into giving away user credentials or other sensitive information. The stolen information can then be used by the attacker to break into the company’s network and implant ransomware.
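As an added example (not part of the original article), the following Python sketch shows how a mail filter could triage the two delivery methods above: attachments in the file types listed, and links that point somewhere other than the company's real login host. The function names, the `trusted_hosts` parameter, and the `.example`/`.test` addresses in the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# File types the article names as common ransomware carriers.
RISKY_EXT = {".pdf": "Adobe", ".doc": "Office", ".xls": "Office", ".ppt": "Office",
             ".zip": "archive", ".7z": "archive", ".rar": "archive",
             ".bat": "script", ".cmd": "script", ".html": "HTML"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw: bytes, trusted_hosts: set) -> dict:
    """Return risky attachments and links to hosts outside trusted_hosts."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments, links = [], []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Only the final suffix decides how the file opens:
            # "Invoice.pdf.cmd" is a command script, not a PDF.
            ext = PurePosixPath(name.lower()).suffix
            if ext in RISKY_EXT:
                attachments.append((name, RISKY_EXT[ext]))
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                host = (urlsplit(url).hostname or "").lower()
                # Exact host match: a look-alike that merely starts with the
                # trusted name must not pass.
                if host not in trusted_hosts:
                    links.append(host)
    return {"attachments": attachments, "untrusted_links": links}

def sample_message() -> bytes:
    """Constructed sample modelled on a shipping-notice lure."""
    m = EmailMessage()
    m["From"] = "delivery@shipping.example"
    m["To"] = "user@corp.example"
    m["Subject"] = "Delivery exception for your package"
    m.set_content("Sign in: https://login.corp.example.account-verify.test/o365\n"
                  "Help: https://login.corp.example/help\n")
    m.add_attachment(b"@echo off\r\n", maintype="application",
                     subtype="octet-stream", filename="Invoice_2020.pdf.cmd")
    m.add_attachment(b"notes", maintype="application",
                     subtype="octet-stream", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message(), {"login.corp.example"}))
```

The extension table covers only the formats named in the article; a production filter would also need newer Office suffixes and content-based type detection, since a file name can be changed freely.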
With a specific, carefully crafted email, criminals can trick users into doing something for them. This could be giving the attacker money, giving them credentials, installing some program, creating a user account, etc. This is the age-old type of deception with a cyber twist. Social engineering requires highly skilled criminals and can be used to attack high-value targets.
It is always important to pay close attention to the emails you get and delete suspicious emails. However, during the holiday season it is even more important to be vigilant.