Very Creative Phishing Attack

It all starts with a calendar invite, but there is a setup. The con is that your bank account has been compromised and you need to fix it.

The attack starts with an email with a title such as “Fraud Detection from Message Center”. This part of the attack uses a real but compromised Office 365 account, so the message passes legitimate email authentication checks such as DKIM and SPF.

The invite is hosted on the real Office 365 sharepoint.com domain and contains a link. Clicking the link opens another, relatively simple document that contains another link.

Since hackers are equal opportunity crooks, when the user clicks on this link, they get transferred to a phishing site hosted at Google, where the user is presented with a very convincing Wells Fargo page.

The user is then prompted for the login information, PIN, various account number details and email credentials.

Assuming the user falls for all of this, they are taken to a legitimate Wells Fargo login page, a step designed to make the user think the account was secured, when in fact the user just gave the hacker the keys to the cookie jar. And likely all of his or her money.

According to the security vendor (Cofense), this is not the first time that hackers have used Google’s infrastructure to host malware. Credit: SC Magazine
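Because every hop in this chain passes SPF and DKIM or sits on reputable hosting, a mail or proxy filter has to compare the brand shown on the final page with the host that actually serves it. The Python below is an added example, not code from the article or the vendor; the host names `tenant.sharepoint.com` and `cloud-host.example`, the sample message, the link chain and the brand allow-list are constructed assumptions.

```python
from email import message_from_string
from urllib.parse import urlsplit

# Assumed allow-list of domains each brand really serves its login pages from.
BRAND_DOMAINS = {"wells fargo": {"wellsfargo.com"}}
# Multi-tenant hosting: anyone can publish here, so the host name proves nothing.
SHARED_HOSTING = {"sharepoint.com", "cloud-host.example"}  # 2nd entry is a placeholder

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def auth_passed(raw_email):
    """Read the SPF and DKIM verdicts from the Authentication-Results header."""
    results = message_from_string(raw_email).get("Authentication-Results", "").lower()
    return "spf=pass" in results and "dkim=pass" in results

def assess(raw_email, chain, landing_title):
    """Return findings for a message and the chain of links it leads through."""
    findings = []
    final_host = urlsplit(chain[-1]).hostname
    for brand, domains in BRAND_DOMAINS.items():
        if brand in landing_title.lower() and not host_in(final_host, domains):
            findings.append(f"brand-mismatch: '{brand}' page served from {final_host}")
    if not findings:
        return findings
    # Context that explains why ordinary filters let the message through.
    if any(host_in(urlsplit(u).hostname, SHARED_HOSTING) for u in chain):
        findings.append("shared-hosting hop: host reputation is not evidence")
    if auth_passed(raw_email):
        findings.append("spf/dkim pass: sender account may be compromised, not spoofed")
    return findings

# Constructed sample data modelled on the chain described above.
SAMPLE_EMAIL = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=tenant.example;"
    " dkim=pass header.d=tenant.example\n"
    "From: Message Center <alerts@tenant.example>\n"
    "Subject: Fraud Detection from Message Center\n"
)
SAMPLE_CHAIN = [
    "https://tenant.sharepoint.com/invite",
    "https://tenant.sharepoint.com/document",
    "https://bucket.cloud-host.example/signon.html",
]

if __name__ == "__main__":
    print("\n".join(assess(SAMPLE_EMAIL, SAMPLE_CHAIN, "Wells Fargo Sign On")))
```

The suffix match in `host_in` requires a dot boundary, so look-alike hosts such as `wellsfargo.com.cloud-host.example` do not count as the bank's domain.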

So what should you be doing?

Education. Education. Education.

Anti-phishing training should be a requirement at all companies and for all employees. At the low end there is free training, but for most companies there is a moderate-cost solution that is highly effective.

Some companies send the same phishing email to everyone, maybe once a quarter. That is not an effective approach to train employees. The program needs to be much more active in order to be effective.

As you can see from the sophistication of the attack above, the hackers are working overtime to steal your money.

You need to work equally hard to protect it.

If you need help with your anti-phishing training, please contact us.
