New Trend In Phishing: Conversation Hijacking

Stu Sjouwerman | Feb 10, 2018


Researchers see a new trend in phishing.

Hackers are inserting themselves into email conversations between parties known to and trusted by one another. Once in, they exploit that trust to trick users into opening a malicious document that carries the Gozi Trojan as a payload.

This is another highly tailored bit of social engineering to inoculate employees against. If an email exchange with a trusted party suddenly presents you with an unexpected and not particularly germane attachment, be suspicious and report it to the right people in your organization using the Phish Alert Button.

ZDNet has the story: http://www.zdnet.com/article/this-phishing-trick-steals-your-email-and-then-fools-your-friends-into-downloading-malware/

Do your users know what to do when they receive a suspicious email?

Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?

KnowBe4 Phish Alert

KnowBe4’s Phish Alert button now also works for Gmail users with G Suite using Chrome. This gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!

Best of all, there is no charge!

  • Reinforces your organization's security culture
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)
  • Supports: Outlook 2007, 2010, 2013, 2016 & Outlook for Office 365, Exchange 2013 & 2016, Chrome 54 and later (Linux, OS X and Windows)

This is a great way to better manage the problem of social engineering. Compliments of KnowBe4!

I want my Free Phish Alert

If you do not like to click on buttons with redirects, here is a link you can cut and paste into your browser: https://info.knowbe4.com/free-phish-alert
