Email phishing has become routine as criminals refine their techniques, and the pandemic has made it worse. Between February and March 2020, coronavirus-related email phishing campaigns rose 667%, and according to TransUnion, 27% of global consumers reported receiving pandemic-themed phishing scams.
Even the largest tech companies aren’t safe from phishing scams. In early July 2020, Microsoft announced legal action against a fraudulent campaign that targeted users in sixty-two countries and capitalized on fears surrounding COVID-19.
The attackers did not use credential-harvesting login pages to trick victims into typing their usernames and passwords. Instead, the emails carried links to a genuine Office 365 consent prompt for an attacker-registered web application that impersonated Office 365, and that prompt asked the user to grant the application permissions to the account. This technique is known as consent phishing, or an illicit consent grant: the user never hands over a password, only a permission.
“Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application (web app),” Microsoft explained. “Web apps are familiar-looking as they are widely used in orgs to drive productivity, create efficiencies, and increase security in a distributed network. Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victim’s Microsoft Office 365 account. This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign.”
Once the victim had granted consent, the attacker could read and manipulate whatever the granted permissions covered in the victim’s Office 365 account, including OneDrive storage and corporate SharePoint sites. Because access is through the application’s permissions rather than the user’s password, remediation means revoking the consent and removing the application from the tenant; a password reset on its own does not take the granted permissions away.
Microsoft and many other experts recommend multifactor authentication (MFA), but criminals increasingly use phishing to get past both the password and the second factor. The link in the email lands the user on what looks like the real login page, but the traffic is relayed through an attacker-controlled proxy that passes every request on to the genuine site and records the exchange. The password is a bonus; the real prize is the session cookie or token the site issues once the password and the MFA challenge have both been satisfied. Replaying that token lets the attacker act as the user without ever being asked for a password or a second factor. One caveat a defender should know: this relay technique defeats one-time codes, SMS and push approvals, but not phishing-resistant factors such as FIDO2/WebAuthn security keys, whose responses are bound to the genuine site’s origin and are rejected when produced for a lookalike domain.
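What this token theft looks like in the logs, as an added example that is not part of the original article: the session token is minted for the client that passed the password and MFA challenge, so a token that later shows up from a different network and a different client is the tell. The script below runs that check over a constructed activity log. The field names, session identifiers and addresses are assumed for illustration and do not match any real Office 365 or identity-provider log format; it requires both the IP address and the user agent to change before alerting, because users legitimately roam between networks during a session.

```python
import json
from datetime import datetime, timedelta

# Constructed sample activity log, one JSON object per line (not real telemetry).
# Field names, session ids and addresses are assumed for this example only.
SAMPLE_LOG = """\
{"ts": "2020-07-08T09:00:05Z", "user": "alice@example.com", "event": "login", "mfa": true, "session": "s-3f9a", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/84"}
{"ts": "2020-07-08T09:00:40Z", "user": "alice@example.com", "event": "mailbox.read", "session": "s-3f9a", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/84"}
{"ts": "2020-07-08T09:03:12Z", "user": "alice@example.com", "event": "mailbox.read", "session": "s-3f9a", "ip": "198.51.100.77", "ua": "python-requests/2.24"}
{"ts": "2020-07-08T09:04:01Z", "user": "alice@example.com", "event": "inbox.rule.create", "session": "s-3f9a", "ip": "198.51.100.77", "ua": "python-requests/2.24"}
{"ts": "2020-07-08T09:10:00Z", "user": "bob@example.com", "event": "login", "mfa": true, "session": "s-77c1", "ip": "203.0.113.22", "ua": "Mozilla/5.0 (Macintosh) Safari/13"}
{"ts": "2020-07-08T09:15:00Z", "user": "bob@example.com", "event": "mailbox.read", "session": "s-77c1", "ip": "203.0.113.22", "ua": "Mozilla/5.0 (Macintosh) Safari/13"}
"""


def parse_events(log_text):
    """Yield one event dict per non-empty line, with the timestamp parsed."""
    for line in log_text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ev


def detect_session_reuse(log_text, window=timedelta(hours=8)):
    """Alert when a session token is presented from a different IP address *and* a
    different user agent than the client that completed the login (and MFA) for it.

    Both attributes must change: an IP change alone is noisy (laptops roam between
    networks), but a new network plus a new client fingerprint shortly after login is
    the pattern a replayed, proxy-stolen token leaves behind. One alert per session."""
    sessions = {}  # session id -> fingerprint captured at login
    alerts = []
    for ev in parse_events(log_text):
        sid = ev["session"]
        if ev["event"] == "login":
            sessions[sid] = {"user": ev["user"], "ip": ev["ip"], "ua": ev["ua"],
                             "ts": ev["ts"], "mfa": ev.get("mfa", False), "alerted": False}
            continue
        origin = sessions.get(sid)
        if origin is None or origin["alerted"]:
            continue  # token minted before this log window, or already reported
        if (ev["ip"] != origin["ip"] and ev["ua"] != origin["ua"]
                and ev["ts"] - origin["ts"] <= window):
            origin["alerted"] = True
            alerts.append({
                "user": origin["user"], "session": sid,
                "login_ip": origin["ip"], "new_ip": ev["ip"], "new_ua": ev["ua"],
                # MFA passing at login says nothing about who holds the token afterwards.
                "mfa_at_login": origin["mfa"],
                "first_suspicious_event": ev["event"],
                "seconds_after_login": int((ev["ts"] - origin["ts"]).total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_session_reuse(SAMPLE_LOG):
        print(json.dumps(alert))
```

On the sample, alice’s session s-3f9a is flagged about three minutes after an MFA-backed login, when the same token arrives from a new address with a scripting user agent; bob’s session never changes client and stays quiet. The inbox-rule creation that follows the first replayed request is the kind of follow-on action worth including in the alert context during triage.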
So how do we defend against these new and evolving threats? Educate your team on these five basic email security habits.
1. Does the sender’s name match the email address?
This can be an easy catch. The sender’s display name may show the right name, such as your company’s president, while the actual address is on some domain other than the company’s. Look closely, though: the mismatch can be subtle, such as llinked.com instead of linked.com or mic0soft.com instead of microsoft.com. Check both the display name and the address before taking action.
2. Is the email expected or keeping with normal communications from the sender?
An unusual or unexpected request is a very good reason to be suspicious. The best action is to contact the sender directly through a channel you already have, such as a known phone number or a fresh message to their known address, rather than by replying to the suspicious email. Again, DO NOT click any links in the email, and certainly do not enter any payment information or share private information before checking.
3. Is the email eliciting a hurried response?
Urgency is a hacker’s best friend. It sets off panic, and a panicked recipient usually does not take the time to look for the clues that mark a scam. Before you hurry to respond or take action, take another minute to read the whole email, check the sender, and check where the links actually go.
4. Can you get to the site on your own instead of clicking the link?
At Three Wire Systems, we give our clients and employees one simple rule: don’t click. A hyperlink’s visible text and its real destination can differ, so instead of clicking, hover over the link to see where it actually goes, and then reach the site the way you normally would: type the address or use a bookmark. Copying the address as it is displayed and pasting it into the browser is acceptable only when it is an address you recognize; using the browser’s “copy link” option copies the hidden target and defeats the purpose. Logging in from a page you navigated to yourself sidesteps the proxy-style attack described above, in which a link routes you through an intermediate site that steals your session.
5. Are there grammar and spelling errors?
Many of these campaigns originate abroad (for example, in China or Russia), and English is not the author’s first language, so odd grammar or syntax can be a strong tell. Keep in mind that it will not always be blatant: a well-resourced attacker can write flawless English, so clean prose is not proof that a message is legitimate. While working in email, slow down and read the entire message for misspellings, extra spaces, or awkward phrasing.
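The first and fourth habits can be checked mechanically as well as by eye. The script below is an added example, not code from the original article or from Three Wire Systems: it parses a raw email, flags a display name that contains one address while the real sender is on another domain, flags sender and link domains that sit one character away from a trusted domain after undoing common swaps such as 0 for o, and flags anchors whose visible text names one site while the href points at another. The trusted-domain list, the lookalike threshold and the sample message are all assumed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: domains this organisation trusts as senders and link targets. "linked.com"
# is included only to mirror the article's own lookalike example.
TRUSTED_DOMAINS = {"example.com", "microsoft.com", "linked.com"}

# Character swaps that make a lookalike domain read like the real one (0 for o, 1 for l, ...).
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed sample message (not a real phish) that exercises both checks.
SAMPLE = """\
From: "ceo@example.com" <ceo@mic0soft.com>
To: staff@example.com
Subject: Urgent: approve this payment today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Approve at <a href="https://login.llinked.com/auth">https://www.linked.com/login</a> now.</p>
<p>Policy: <a href="https://example.com/policy">https://example.com/policy</a></p>
</body></html>
"""


def registrable(host):
    """Crude registrable domain: the last two labels (ignores multi-part suffixes like co.uk)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance; a value of 1 between two domains is classic typosquatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host):
    """Return the trusted domain that `host` imitates, or None if it is trusted or unrelated."""
    reg = registrable(host)
    if reg in TRUSTED_DOMAINS:
        return None
    norm = reg.translate(_CONFUSABLES).replace("rn", "m").replace("vv", "w")
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(norm, trusted) <= 1:
            return trusted
    return None


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_in_text(text):
    """If the visible link text looks like a URL or bare hostname, return that host."""
    if " " in text:
        return None
    host = urlparse(text if "://" in text else "http://" + text).hostname
    return host if host and "." in host else None


def check_message(raw):
    """Apply habit 1 (sender name vs address) and habit 4 (link text vs target) to a raw email."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0]
    # Habit 1: a display name that itself contains an address is the classic mismatch trick.
    claimed = re.search(r"[\w.+-]+@[\w.-]+", sender.display_name)
    if claimed and registrable(claimed.group().split("@")[-1]) != registrable(sender.domain):
        findings.append(f"display name claims {claimed.group()} but address is {sender.addr_spec}")
    imitated = lookalike_of(sender.domain)
    if imitated:
        findings.append(f"sender domain {sender.domain} looks like {imitated}")
    # Habit 4: the address you see and the target you would be sent to must agree.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = urlparse(href).hostname or ""
            shown = _host_in_text(text)
            if shown and registrable(shown) != registrable(target):
                findings.append(f"link text shows {shown} but points to {target}")
            imitated = lookalike_of(target)
            if imitated:
                findings.append(f"link target {target} looks like {imitated}")
    return findings
```

Run `check_message(SAMPLE)` and the sample yields four findings: the display name claims ceo@example.com while the address is on mic0soft.com, mic0soft.com is one character from microsoft.com, the first link shows www.linked.com but points at login.llinked.com, and llinked.com is one character from linked.com; the policy link, whose text and target agree on a trusted domain, is not flagged. Two deliberate limits: the registrable-domain helper keeps only the last two labels, so it misjudges suffixes like co.uk, and the edit-distance test catches near misses only, not arbitrary attacker domains. Checks like these belong in a mail-gateway rule or a report-phish triage script rather than in the user’s hands.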
Are you working with your team or colleagues to keep your information safe? Adopt this phrase as your cybersecurity motto: think before you click.