Earlier this week, I had a great topic in mind and a hot cup of coffee to help write it, but then I received a phone call, and all plans were off.
An employee at a financial firm client of ours (let’s call them ABC Finance) had exchanged emails with a known contact of theirs who was requesting a money transfer. Though most of the correspondence seemed business as usual, the ABC Finance employee was suspicious enough to contact us before money was sent. I was able to verify this was a phishing attempt before any funds were released.
This week I want to break down how situations like this unfold, as well as highlight how important you are as the last line of defense for your company. While I unpack the behind-the-scenes of this story, I will provide security tips in parentheses. Hopefully, taking you through a real-world situation will help you catch bad actors the next time they knock on your door. The combination of old-school hacking and socially engineered attacks is the most popular combo today, and hackers continuously refine their methods to go undetected. So, let’s begin breaking down how they do this.
First, they gain access to an unsuspecting user’s email account. In this case, it was our client’s known contact. Sometimes they use computer bots (software) to scan for and crack the password, but most often they get hold of leaked passwords on the DarkNet from the breaches you hear about on the news (TIP: enable multi-factor authentication for your mailbox and monitor the DarkNet for leaks of the passwords you use most often).
Once they gain access to the user’s email account, a real person takes over and studies the contents of the mailbox. This is where the socially engineered part comes into play. The hacker looks for people the victim communicates with often, learns their business patterns, and selects a suitable target from the contact list. In our example from this week, the hacker picked a lower-level employee at ABC Finance to target, which is a great choice if you ask me. (TIP: Never communicate sensitive information via email unless you utilize an encryption service. Never make a habit of authorizing financial transactions via email, as this relationship can be exploited.)
Once the target is picked and the plan of attack is solidified, the bad actor creates mailbox rules inside the hacked account so they can hide their communications. To start, when an email is sent from the hacked account, it is immediately deleted from the Sent folder. Then, the mailbox rules automatically route replies from the target into an inconspicuous folder in the hacked user’s mailbox. This setup allows the account’s real owner to keep using the mailbox without any idea that someone else is using it to request a wire transfer. (TIP: Check your mailbox rules and folders from time to time. If you have folders that are not needed, delete them. Don’t leave unread messages sitting in mailbox folders, so that if a message arrives and is sorted into a folder, you can immediately detect it.)
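The rule pattern described above can be checked for mechanically. The following is an added example (not part of the original post, and not a product of the author’s team): a small Python audit that scores a mailbox’s rules for the tell-tale combination of hiding replies, forwarding them out, and keying on a particular sender or on money-related words. The rule schema and the three sample rules are constructed for this example; the field names are an assumption modelled on the Microsoft Graph messageRule shape, and nothing here talks to a live mailbox.

```python
"""Audit a mailbox's inbox rules for the "hide the conversation" pattern."""
from typing import Dict, List

FINANCE_WORDS = ("wire", "transfer", "invoice", "payment", "bank")

# Constructed sample: one benign rule and two rules of the kind the post describes.
SAMPLE_RULES: List[Dict] = [
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news@"]},
     "actions": {"moveToFolder": "Newsletters"}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"fromAddresses": ["clerk@abc-finance.example"]},
     "actions": {"moveToFolder": "RSS Feeds", "markAsRead": True}},
    {"displayName": "Cleanup", "isEnabled": True,
     "conditions": {"subjectContains": ["wire", "transfer"]},
     "actions": {"delete": True, "forwardTo": ["unknown-party@external.example"]}},
]


def audit_rules(rules: List[Dict]) -> List[Dict]:
    """Return one finding per suspicious enabled rule, with the reasons it was flagged."""
    findings = []
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue
        actions = rule.get("actions", {})
        conds = rule.get("conditions", {})
        reasons = []
        # Replies silently removed or buried: the core of the pattern in the post.
        if actions.get("delete") or actions.get("permanentDelete"):
            reasons.append("deletes matching mail")
        if actions.get("moveToFolder") and actions.get("markAsRead"):
            reasons.append("moves mail to a folder and marks it read (no unread badge)")
        # Copies of the conversation leaving the mailbox.
        if actions.get("forwardTo") or actions.get("redirectTo"):
            reasons.append("forwards or redirects mail")
        # Rules keyed to one correspondent or to money-related words.
        if conds.get("fromAddresses"):
            reasons.append("targets a specific sender")
        words = [w.lower() for k in ("subjectContains", "bodyContains") for w in conds.get(k, [])]
        if any(f in w for w in words for f in FINANCE_WORDS):
            reasons.append("keyed to financial keywords")
        # A near-empty name makes a rule easy to overlook in the rules list.
        if len(rule.get("displayName", "").strip()) <= 1:
            reasons.append("near-empty rule name")
        # A benign rule usually trips at most one heuristic; require two to flag.
        if len(reasons) >= 2:
            findings.append({"rule": rule.get("displayName", ""), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[!] rule {f['rule']!r}: {', '.join(f['reasons'])}")
```

The two-reason threshold is deliberate: a single "move to folder" rule is normal housekeeping, while a rule that both buries mail and singles out one sender is what the post describes.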
Unfortunately, the bad guys often manage to convince people to send wires. Our financial firm client has multi-factor authentication enabled, so their accounts are secured, and we use two layers of email security, which do an incredible job of keeping automated attacks, malicious attachments, and suspicious activity at bay. However, when there is regular communication about finances between two people, and a wire transfer request comes in as it does from time to time, no security service can make a judgement on its legitimacy. This is where you become our last line of defense. If there is even a tiny amount of suspicion, pick up the phone and call the person emailing you – especially when there is money involved. Hackers don’t look like the person in the picture above. They can use the same words and make the same jokes as the person whose account they hacked.
My team and I are here to secure you with the best security tools possible, including knowledge of the ever-changing security landscape so together we can stay one step ahead of the bad guys.
– Burak Sarac, Team Lead