Case study one: The long-winded phish
Phishing is still the number one threat to organisations and individuals online today. We, as an organisation, are no exception. We're hit by almost 20,000 suspicious emails a week across our network. The following is a rather sophisticated phish that our One System security team identified.
A 'bad actor' sent an email indicating their interest in a property and that they had specific features they were looking for in a home. The bad actor asked whether the agent could review the sample requirements, in an attempt to build rapport. Once the agent agreed, they followed up with an email containing a PDF and a password, for 'privacy reasons'. Once this file was opened it advised the recipient to click on a URL within the document, which took the user to an online file share to download a zip file containing malware.
This hack shows sophistication and an understanding of the target: a real estate agent trying to make a sale.
How do we avoid this?
As trusting as you may want to be, you should never open a file from a source or email you don't know or can't fully identify. The only way to prevent this sort of sophisticated hack is to be vigilant and logical. Think: am I expecting this email? Does this seem odd or out of the ordinary? Is there a sense of urgency? If you sense any red flags, do not open it.
Case study two: A sponsorship scam
Local sponsorship deals are the bread and butter of building community rapport with a business. From schools to local clubs, our members show their support in many ways, from monetary donations to prizes.
Recently, one of our key security partners alerted us to an incident involving a targeted imposter threat against one of our members.
Once our One System security team was alerted to the potential threat, we investigated and found that one email (containing an invoice) amongst a large email trail had been intercepted and altered by the imposter.
The imposter then re-sent an email to our member containing a doctored invoice, with different bank details from those of the club the agency intended to sponsor. The imposter was also clever enough to put "RE:" in the subject line and to create a slightly adjusted email domain, making it appear similar to the original. The security team contacted the principal and IT admins to explain what was found, to confirm whether the initial engagement was legitimate and to check whether the invoice had already been paid.
What do we do?
This was considered a close call, as the invoice was yet to be processed and no funds had been transferred to the fraudulent account. All office members were advised to reset their passwords, and the sponsee was also advised to investigate, reset their passwords and enable multi-factor authentication. It was clear from our investigation that somewhere along the line credentials had been accessed and used to intercept this invoice, leading to a potentially fraudulent transaction.
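The two tell-tales in case study two, a sender domain one character off a trusted partner's and a "RE:" subject on a message that is not actually a reply, can be checked mechanically before an invoice is paid. The following is an added example, not code from the organisation or its security team; the partner domain `localclub.example`, the sample headers and the missing-`In-Reply-To` heuristic are all constructed assumptions.

```python
"""Flag replies whose sender domain is a near-match of a trusted partner domain
(the lookalike-domain tactic in case study two). Added example; trusted domain
and sample headers are constructed, not taken from the article."""
from email.utils import parseaddr

# Constructed: the real domain of the club being sponsored.
TRUSTED_DOMAINS = {"localclub.example"}


def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike_of(domain, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return the trusted domain this one imitates, or None.
    An exact match is legitimate; a distance of 1..max_distance (a swapped,
    dropped or inserted character) is treated as a lookalike."""
    for t in trusted:
        if domain != t and 0 < edit_distance(domain, t) <= max_distance:
            return t
    return None


def check_message(headers):
    """headers: dict of header name -> value. Returns a list of findings."""
    findings = []
    dom = sender_domain(headers.get("From", ""))
    target = lookalike_of(dom)
    if target:
        findings.append(f"sender domain {dom!r} resembles trusted {target!r}")
    # Heuristic (assumption): a genuine reply normally carries In-Reply-To.
    if headers.get("Subject", "").lower().startswith("re:") and not headers.get("In-Reply-To"):
        findings.append("subject claims a reply but no In-Reply-To header is present")
    return findings


# Constructed sample: an imposter's 'reply' from a one-character-off domain.
SAMPLE = {"From": "Treasurer <treasurer@localc1ub.example>",
          "Subject": "RE: Sponsorship invoice"}

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("ALERT:", finding)
```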