Caught in the wild: A look at email scams and spam

21 Aug 2018

When we first opened our doors nearly 15 years ago, spam was causing major problems in corporate inboxes. While spam bogged down users, the messages themselves weren’t typically malicious. A lot has changed since then.

Today, cybercriminals are using all types of tactics to launch attacks through email, including some clever phishing campaigns where the most effective line of defence is the human firewall.

The human what? In a world where organisations have vendors jumping in front of each other to deploy their “best-of-breed” security solutions at headquarters and everywhere else, the only thing between your company and a ransomware attack could be whether or not your users click or don’t click on a malicious link.

Every day cybercriminals come up with a wide variety of phishing tactics with the intent of scamming innocent users. In May alone, Barracuda blocked over 1.5 million phishing emails and saw over 10,000 unique phishing attempts – the same email content, potentially sent to hundreds or even thousands of people. In most of June, Barracuda blocked 1.7 million phishing emails with over 2,000 unique attempts.

Here are some of the real attempts sent by criminals:

1. Money scam

Criminals attempt to scam users out of money. In similar attempts, we’ve also seen criminals try to acquire information or infect a computer with malware.

Money scams like this are fairly common. They often promise the user a large sum of money, as this one does. When the recipient replies, the criminals usually request a smaller sum from the user and, in return, promise to send a larger sum back, which of course never happens.

2. Information scam

Cybercriminals attempt to gather information from a user. In this case, a spoofed bank message tries to convince the user to act on their request.

The criminals did a decent job of making this message appear to actually come from a bank. However, if the user clicks on the link, they could be prompted to enter their credentials in a different window — ultimately surrendering their username and password.

3. Malware distribution

Another common problem users face from phishing is the distribution of malware. The goal is to trick a user into either opening an attachment or clicking on a URL.

In this example, criminals are trying to convince the user to open an attachment by acting as if the document pertains to an urgent matter. For the malware to work, criminals have to get the user to install the software on their computer. Malware can be distributed in many forms, including viruses, worms, bots, ransomware, password stealers and more.

4. Multiple file extensions

Phishing attempts often require a user to open an attachment to install malware. However, there are a lot of different ways criminals attempt to convince users to do this. One way is to include attachments with multiple file extensions, in an attempt to trick users into thinking that the file type is different from what it actually is.

Here the criminals are using a “PDF.zip” file extension, which should raise a red flag to the user because they’re two different file types. However, this could easily be overlooked, since both are file types that most people would find familiar.
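A mail filter can apply the same double-extension check automatically. The following is an added example, not Barracuda's code: it walks the attachments of a constructed message and flags names where a document-style extension is followed by an archive or executable one. The extension lists and function names are assumptions.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension groups are assumptions for this example; tune them for your mail flow.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
RISKY_FINAL_EXTS = {".zip", ".rar", ".7z", ".iso", ".exe", ".scr", ".js", ".vbs", ".lnk"}


def deceptive_extension(filename):
    """Return (shown_as, real_type) when a document-looking name actually
    ends in an archive or executable extension, else None."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    suffixes = [s.strip() for s in PurePosixPath(name).suffixes]
    if len(suffixes) < 2:
        return None
    shown, real = suffixes[-2], suffixes[-1]
    if shown in DOCUMENT_EXTS and real in RISKY_FINAL_EXTS:
        return shown, real
    return None


def scan_attachments(msg):
    """Return (filename, shown_as, real_type) for each suspicious attachment."""
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        hit = deceptive_extension(filename) if filename else None
        if hit:
            findings.append((filename, *hit))
    return findings


def build_sample():
    # Constructed sample message, not a captured email.
    msg = EmailMessage()
    msg["Subject"] = "Urgent: outstanding invoice"
    msg.set_content("Please review the attached document.")
    msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                       subtype="zip", filename="Invoice_2018.PDF.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="report.v2.pdf")
    return msg


if __name__ == "__main__":
    for finding in scan_attachments(build_sample()):
        print(finding)
```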

5. Disguised links

Not all threats come in the form of email attachments, which is why links should also be handled with just as much scrutiny.

The link itself doesn’t look suspicious; however, the link actually points to an entirely different URL. Not only can links like this be used to spread malware, they can also direct users to sites set up by criminals to capture credentials or other personal information.

When unsure, don’t click on a link. You can also hover the cursor over the link without clicking, to identify the actual location of a link.

6. Spear phishing   

While phishing refers to mass targeting, spear phishing messages are specifically crafted to target a single, specific individual to create a sense of trust with that person. Spear phishing attempts regularly use impersonation techniques to convince recipients that the message is coming from a real source.

Effective spear phishing takes a great deal of reconnaissance about the target to increase the probability of a user actually falling for an attack. Here’s an example where criminals actually took the time to register a deceptive domain that contains the name of an actual entity to appear legitimate.

They obviously want the message to appear like it’s coming from Netflix; however, if you look closely at the URL, you’ll notice that “Netfliix” is actually spelt incorrectly. This technique is called typosquatting, which is often used to sell the ruse when the attacker wants the user to click a link.

Take action 

All of these examples are just a small sample of the many variations of phishing scams criminals are sending out each day, but they certainly make the case for why today’s users need to be properly trained to stay safe online.

The best defence against phishing and spear phishing is to make users aware of the threats and techniques used by criminals. The best approach is to implement a simulation and training program to improve security awareness for your users, to help them recognise subtle clues to identify phishing attempts.

Article by Barracuda Networks senior sales engineer Mark Lukie.
