Posted by Trevagh Stankard on Tue, Nov 16th, 2021
Did you know scammers have been around for a couple thousand years or more? The earliest attempted ruse on record took place in 300 BC when a Greek sea merchant named Hegestratos, attempted an insurance scam on his ship and cargo. Since then, criminals have been conceiving an endless assortment of scams to fleece someone for a quick payout. Phishing attacks give cybercriminals incredible leverage to deliver their scams on a grand scale. Some of the common ploys involve such things as:
- An email alerts you of an outstanding invoice from a known vendor and provides you a link to pay the invoice. The link leads to a spoofed website and you type in your credentials, an attacker steals them and uses them to access funds.
- Your bank or credit company emails you requesting that you update your personal information and payment information for their records. A link is again provided to a spoofed site.
- Then there is that dreaded email from the IRS alerting you that you owe money to the IRS and are facing legal action if not paid in full within an allotted amount of time. Once again, a link is involved.
These are some of the tried-and-true scams out there, but scammers are always drumming up new angles to target those who have wised up to the usual fraudulent attempts. We thought we would take the time to introduce you to some of the new scams out there trying to trick you into clicking that link.
The Question Quiz Scam
Everyone loves to win, especially if it’s a contest that involves a prize. Recently, the Akamai Threat Research team uncovered an attack they call the “question quiz.” The targeted victim receives an email or Facebook Invite from a well-established brand asking them to participate in a quiz. Those who participate and complete the quiz are told they will receive a nice prize. The attack was backed by an elaborate network of over 9,000 domains and subdomains. Each domain was only used for a short amount of time and then discarded before it could be properly classified as malicious. The attack also disguised the attacks using an array of content delivery network (CDN) features.
The Google Contest Winner
You receive an email announcing that you are the latest “Google Winner” as a way to thank you for being a loyal user of Google services such as Google Search, Google Maps, Gmail, etc. The email includes precise directions as how to claim your prize. Of course this involves sharing your personal details with Google. The letter also includes a link taking you to a fake Google site which requires you to logon with your Google credentials. While the criminals don’t steal any funds in this scam, they do walk away with your Google credentials, which people often use at many third-party sites, as well as personal information that can be used to validate your identity.
The Happy Birthday Email
Phishing emails usually harp on a message of urgency (i.e., your password is about to expire) to rush users through a desired call to action before thinking about what they are really doing. Another approach is to hit them in a vulnerable moment in which they have their guard down. In a new trend that exploits flattery, attackers send targeted victims an email on their birthday. These are no generic attacks as the attackers must actually know when your birthday is. The email contains a birthday greeting that invites the user to click on a link to see the e-birthday card that a loved one sent. Another angle is to send an announcement that the victim has an Amazon gift card waiting for them that someone purchased for their birthday. All they have to do is click the link to receive it. Of course, there is no e-card or voucher, just a weaponized malware payload such as ransomware that will now invade your network once it infiltrates your computer.
The MFA Attack
Multifactor authentication is highly recommended today for any resource site that requires login credentials, but don’t think that MFA is fool proof. Because of the increasing usage of MFA, cybercriminals are quickly developing ways around it. Here is an example. A user clicks on a link that takes them to a website that is spoofing their bank’s webpage. The victim then inputs their credentials, which the attacker captures in real time and immediately uses them. The attacker’s logon to the actual bank’s site initiates an MFA check which the user assumes was initiated by their own logon attempt. A popup then appears, on the spoofed page prompting the user to type in their MFA code. Once this is inputted, the attacker now gains complete access to the victims account and can change the MFA phone number if desired.
Read Guide: Pillars of Modern MSP Tech Stack
Protecting against New Scam Approaches
Regardless of what type of phishing scam is being implemented, there are two primary ways to defend against this type of attack. The first is user education. A user that is trained in identifying basic tell-tale signs of an attack and is engrained with a healthy dose of skepticism will go a long way. The other is the combination of email filtering and web filtering, working together – a layered approach to security.
Your organization is under constant and unpredictable threat of attack. Cybercriminals aren’t going away. Their methods are getting increasingly sophisticated as they evolve to meet new security solutions and standards. As malware writers change their techniques to evade detection, layered security becomes more important than ever to lower the probability of a successful attack and stop an attack even if one component of your defenses fail.
At TitanHQ we offer some of those key layers of protection. SpamTitan email security helps prevent phishing attacks from landing in user inboxes, while WebTitan DNS filtering serves an additional layer of DNS filtering to prevents access to malicious sites and prevents malicious code from being downloaded.
Implementation isn't always simple, it requires planning and expertise. Relying on a single security layer is no longer wise in today’s threat landscape. Organizations need to focus on the data they are protecting and build layers of security around it. Your clients and your bottom line will thank you.
Learn more about TitanHQ’s multi-layered security for advanced threats today. Contact us today.