Jan. 25, 2019

Dirty Money

Robert Rotert

My new year’s resolution is not to give criminals any money, but here's a dirty secret: companies do it more often than they would care to admit. No honest business does this willingly, of course. Instead, employees and owners alike are falling victim to sophisticated phishing attacks, and the best defense is an educated and aware workforce!

What is Phishing

The short answer: phishing is a crafted email, sent to a user and designed to look legitimate, that tricks the user into clicking a link, providing a password, or replying to the message. If you’re like me, you learn by example. Below are a couple of common vectors.

Vector 1:

Phishers disguise messages to look like they come from common companies we all know and deal with. The Wells Fargo email below might look legitimate to a person who doesn’t know to look for the clues that indicate the message is a scam.

[Image: sample phishing email imitating Wells Fargo]

Vector 2:

With a little research, scammers figure out who the key players at a company are and exploit trust, and a lack of savvy, to swindle companies out of cash. The sample below is a great example of a scammer impersonating the CFO and emailing the employees who handle wire transfers. The message has specific details an employee would assume a criminal would not have. This vector is particularly hard for a spam filter to catch because the messages often come from a legitimate email address and are highly specific to the target company; they lack the telltale signs of a traditional spam campaign.

[Image: sample spear-phishing email impersonating the CFO]
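Because the "CFO" message above carries none of the usual spam signatures, the clues a reviewer or mail gateway can still lean on are in the headers: an executive's name on an address that isn't the executive's mailbox, a Reply-To that drags replies to a different domain, a domain that is one character off from the company's own, and an outside sender asking for a wire. The script below is an added example written for this post, not code from the author or from any product; the company domain `example.com`, the executive roster, and the two sample messages are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from typing import List

# Assumptions for the example: the company's own mail domain and a small
# roster mapping executive display names to their real mailboxes.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # hypothetical CFO
WIRE_KEYWORDS = ("wire transfer", "wire the funds", "payment instructions")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_message(raw: str) -> List[str]:
    """Return a list of finding codes for one RFC 822 message (empty = clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: List[str] = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)
    reply_header = msg.get("Reply-To")
    reply_domain = domain_of(parseaddr(str(reply_header))[1]) if reply_header else ""

    # 1. Executive's display name, but the mailbox is not the one on the roster.
    name = from_name.strip().lower()
    if name in EXECUTIVES and from_addr.lower() != EXECUTIVES[name]:
        findings.append("executive-name-mismatch")

    # 2. Replies are redirected to a domain other than the sender's.
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")

    # 3. Sender domain is a near-miss of the company's own domain.
    if from_domain and from_domain != INTERNAL_DOMAIN \
            and edit_distance(from_domain, INTERNAL_DOMAIN) <= 1:
        findings.append("lookalike-domain")

    # 4. An outside sender is asking for a wire or payment change.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    if from_domain != INTERNAL_DOMAIN and any(k in text for k in WIRE_KEYWORDS):
        findings.append("external-wire-request")

    return findings


# Constructed sample messages (not real mail).
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Subject: Q1 budget review

Please send me the updated figures by Friday.
"""

SUSPECT = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.cfo@mail-example.net
To: ap@example.com
Subject: Urgent wire transfer

I need a wire transfer processed today before the board meeting. Keep this confidential.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("suspect", SUSPECT)):
        print(label, check_message(raw) or "clean")
```

None of these checks is proof on its own (a genuine executive replying from a phone may trip the Reply-To rule), which is why they return a list of findings for a person or a mail gateway to weigh rather than a single verdict; the point is that the "clean" spear-phishing message still leaves header evidence that an aware employee can be taught to look for.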

Knowledge is power

Scammers are exploiting a lack of awareness in the workforce, and the number one countermeasure is education. Companies can tackle this informally by having users read a few blog articles, or formally by using security awareness training services that educate users and test their comprehension.

If you’d like to know more about some of the extra tools and tricks we use to cut down on phishing attacks, click the contact link in the drop-down menu on the right and let us know what's on your mind!

BTW, I’ve included some links to further resources below.

Planet Money: The Price of a Hack

Examples of Phishing Emails

Know the Risk - Raise Your Shield: Spear Phishing