Scam Of The Week: Phish With Hidden Sting

As you may have heard, KnowBe4 has released a no-charge Outlook Add-in that allows employees to report phishing attacks to their Incident Response team with just one click. It's called the Phish Alert button.

What you probably didn't know is that system admins have an option to share these phishing emails with KnowBe4's researchers and many do. We have tens of thousands of our Phish Alert add-ins installed now and our analysis of these is showing some interesting results.

There is a particular type of malicious email our research team sees more and more of. This attack plays out as follows:
  1. An employee receives an email with an attachment -- usually a PDF or DOC.
  2. The body of the email contains no malicious links and consists only of a social engineering ruse to open the attached doc.
  3. The attached doc is itself not malicious -- i.e., no exploits or malicious macros/scripts. What's visible to the user is a second ruse to click an embedded link in the document.
  4. The link embedded in the doc leads to either an exploit site/page or a fake login page for a recognized service.

These phishes are slipping past AVs and email security apps/appliances because the email body contains nothing obviously malicious and the attachment is not malicious in and of itself. AV and email security apps are not scanning the links embedded in the attached docs.
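The detection gap described above is that the link sits inside the attachment rather than in the mail body. As an added illustration (this is not KnowBe4's code and not part of the original post), the Python below pulls the embedded link targets out of a .docx (stored as external relationships in the OOXML package, not in the visible text) and out of a PDF's link annotations, so a mail gateway can feed them to the same URL reputation or sandbox step it already applies to links in the body. The sample .docx and PDF are constructed fixtures, the hostnames are placeholders, and the `trusted_hosts` allowlist is an assumed organisation setting; the PDF parser only reads uncompressed objects, which is a stated limitation.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# OOXML package relationships namespace: hyperlinks in a .docx live here,
# not in the visible document text, which is why body-only scanning misses them.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

# Matches the /URI (...) action of a PDF link annotation in an uncompressed object.
# Limitation (assumption of this example): links inside compressed object
# streams are not seen; a production gateway would decompress with a PDF library.
PDF_URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)


def extract_docx_links(data: bytes) -> list:
    """Return every external hyperlink target declared in a .docx package."""
    links = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    links.append(rel.get("Target"))
    return links


def extract_pdf_links(data: bytes) -> list:
    """Return /URI targets found in a PDF's link annotations."""
    return [m.decode("latin-1") for m in PDF_URI_RE.findall(data)]


def extract_links(data: bytes) -> list:
    """Dispatch on file magic, not on the filename, which the sender controls."""
    if data.startswith(b"PK\x03\x04"):
        return extract_docx_links(data)
    if data.startswith(b"%PDF"):
        return extract_pdf_links(data)
    return []


def links_to_scan(data: bytes, trusted_hosts=()) -> list:
    """Links whose host is not on the (assumed) trusted list; these are the
    ones to hand to the URL reputation / sandbox step the post says is missing."""
    out = []
    for url in extract_links(data):
        host = (urlparse(url).hostname or "").lower()
        if host not in trusted_hosts:
            out.append(url)
    return out


# --- constructed fixtures (not real captures) ---------------------------------

def build_sample_docx(url: str) -> bytes:
    """Build the smallest .docx package that carries one clickable external link."""
    rels = (
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" '
        f'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" '
        f'Target="{url}" TargetMode="External"/></Relationships>'
    )
    doc = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<w:body><w:p><w:hyperlink r:id="rId1"><w:r><w:t>View document</w:t></w:r>'
        '</w:hyperlink></w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Minimal PDF with a single link annotation (constructed, placeholder host).
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 700 300 720]\n"
    b"   /A << /S /URI /URI (https://drive-share.example/open) >> >>\nendobj\n"
    b"%%EOF\n"
)


if __name__ == "__main__":
    trusted = ("intranet.example",)
    docx = build_sample_docx("https://login-verify.example/auth")
    print("docx links to scan:", links_to_scan(docx, trusted))
    print("pdf links to scan: ", links_to_scan(SAMPLE_PDF, trusted))
```

Dispatching on the file's magic bytes rather than its extension matters because the attachment name is attacker-chosen; the allowlist keeps internal document links from generating noise, and everything else goes to whatever URL analysis the gateway already performs on message bodies.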

This is something to watch out for, and warn your employees about. I would send them the following, and while you are at it, send it to friends and family as well.

"Bad guys are getting smarter by the month. They now send you emails that your antivirus and spam filters do not catch. It goes like this: The email has an attachment that you are tricked into opening. In the attachment is a link that they try to make you click on. The link goes to a malicious website and will infect your computer.

Do not open attachments you did not ask for. When you get an attachment, verify if that person sent it to you and why. If in doubt, throw it out. Always Think Before You Click."

You can get your own free Phish Alert Outlook Add-in here (business accounts only).

This is a screen shot of how the attachments can look:

[Screenshot: double_Phish.png]
