Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Scam Of The Week: Phish With Hidden Sting

    jellyfish_stinger.jpgAs you may have heard, KnowBe4 has released a no-charge Outlook Add-in that allows employees to report phishing attacks to their Incident Response team with just one click. It's called the Phish Alert button.

    What you probably didn't know is that system admins have an option to share these phishing emails with KnowBe4's researchers and many do. We have tens of thousands of our Phish Alert add-ins installed now and our analysis of these is showing some interesting results.

    There is a particular type of malicious email our research team sees more and more of. This attack plays out as follows:
    1. Employees receives an email with an attachment -- usually PDF or DOC.
    2. Body of the email contains no malicious links and consists only of a social engineering ruse to open the attached doc.
    3. The attached doc is itself not malicious -- i.e., no exploits or malicious macros/scripts. What's visible to the user is a second ruse to click an embedded link in the document.
    4. The link embedded in the doc leads to either an exploit site/page or a fake login page for a recognized service.

    These phishes are slipping past AVs and email security apps/appliances because the email body contains nothing obviously malicious and the attachment itself is not malicious in and of itself. AV and email security apps are not scanning the links in the attached docs.

    This is something to watch out for, and warn your employees about. I would send them the following, and while you are at it, send it to friends and family as well.

    "Bad guys are getting smarter by the month. They now send you emails that your antivirus and spam filters do not catch. It goes like this: The email has an attachment that you are tricked into opening. In the attachment is a link that they try to make you click on. The link goes to a malicious website and will infect your computer.

    Do not open attachments you did not ask for. When you get an attachment, verify if that person sent it to you and why. If in doubt, throw it out. Always Think Before You Click."

    You can get your own free Phish Alert Outlook Add-in here. (business accounts only)

    This is a screen shot of how the attachments can look:

    double_Phish.png

     

     

     

     

     

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews