Last week, we began a series on particularly targeted phishing attacks - scams using personalization to try to convince you to click on their link. A recently reported case targeted workers at a specific bank and was based on correct email addresses and personal names. The email read:
"Dear John, I am a reporter for Finance News doing a follow up story on the recent leak of customer records from ABC Bank. I saw your name come up in the article from Central News and would like to interview you for a follow-up piece. If you have time I would greatly appreciate an opportunity to further discuss the details of the above article. Regards, Gordon Reily."
The message included what appeared to be a link to the Central News story. The URL contained the bank's name, which made it look legitimate at a glance.
The names in this copy have been changed but the rest of the message is unchanged. Note that there are no misspellings, grammatical errors or typos in the message. It is personalized, professional and has all the earmarks of a legitimate message. This message will sail right through the spam filters.
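The lure described above relies on the bank's name appearing somewhere in the link while the actual host is unrelated. As an added example (not code from the original post), here is a small defensive check a mail gateway or awareness tool could apply: it flags any URL in which a brand token appears but the registered domain is not one of the bank's own. The domain names and brand tokens are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed placeholders: the bank's legitimate registered domains and the
# brand tokens an attacker would embed in a lookalike URL (not from the article).
TRUSTED_DOMAINS = {"abcbank.com", "abcbank.net"}
BRAND_TOKENS = ("abcbank", "abc-bank")


def registered_domain(host: str) -> str:
    """Return the last two labels of a hostname (naive eTLD+1).

    Good enough for .com/.net style hosts; a real deployment would use a
    public-suffix list so that hosts like example.co.uk are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def brand_lure_check(url: str) -> dict:
    """Flag a URL that carries the bank's name outside its registered domain.

    This is exactly the pattern in the phishing message: the link *looks* like
    it belongs to the bank (brand name in subdomain, path or query) but the
    registered domain that actually answers the request is someone else's.
    """
    # urlparse needs a scheme to populate .hostname; default to http for bare hosts.
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    reg = registered_domain(host)
    brand_present = any(tok in url.lower() for tok in BRAND_TOKENS)
    trusted = reg in TRUSTED_DOMAINS
    return {
        "host": host,
        "registered_domain": reg,
        "brand_present": brand_present,
        "trusted": trusted,
        # Suspicious only when the brand is used as bait on a non-bank domain.
        "suspicious": brand_present and not trusted,
    }
```

A URL that names the bank in a subdomain of a foreign host (for example `abcbank.com.news-site.example`) is flagged, while the bank's own domains pass.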
The message appeals to the natural vanity or curiosity of recipients. A high proportion of readers want to see their own names in print and click on the link.
The link in the email actually took the reader to a website in China. Clicking on the link automatically installed a keystroke logger on the user's machine. The clear goal was to compromise the computer account of a bank employee – an insider who likely has deep access to accounts and customer information. Hackers know that even if the first employee didn't have direct access to sensitive information, they can use the compromised account as an entry point to attack other points of the company's network.
In this case, the bank was able to quarantine its infected computers and blacklist the Chinese website, but similar attacks are occurring every day. Hackers are becoming increasingly sophisticated in their attempts to compromise the accounts of employees at financial institutions like Westfield. Never click on the link in an unsolicited email. If you are unsure about the message, forward it to InfoSec for investigation.
Read more at CSOonline.