In the W-2 phishing scam, the bad guy sends an email pretending to be an executive requesting the firm's payroll tax data. In the business email compromise, the bad guy sends an email pretending to be an executive sending wire transfer instructions. The IRS is warning about a new scam that combines the W-2 scam and the business email compromise into a merged scam. According to KrebsOnSecurity: “This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said. “Although not tax related, the wire transfer scam is being coupled with [...]
Lloyd’s of London (the insurance company) and the University of Cambridge Centre for Risk Studies did a study estimating the losses that could result from a cyberattack on the power generation system of the United States. The study estimates that the cascading failures that could result from a cyberattack on the U.S. power grid could result in losses of over $1 trillion. What triggers the losses in this study? A spearphishing email. Could such a thing really happen? It already did in Ukraine. In December of 2015 someone used a spearphishing email to seize control of a power grid in [...]
Yesterday the FBI and DHS released their joint report on the compromise of the Democratic Party during the 2016 Presidential Elections. The report blames the Russians for the cyber incidents that the Democrats suffered. It is worth noting how the Russians compromised the Democrats. Spearphishing. All the dirty work presented in the FBI/DHS report was made possible by spearphishing. The report summarizes the attacks with this graphic: The critical path of the attack goes through Recipient who must perform Step 4 "Clicks on link and enters credentials." What this report skips over is what occurs between Step 3 "Sent To" [...]
On December 13, 2016, The New York Times reported new details of the cyberattack on the Clinton Presidential Campaign. At the center of the attack was a spearphishing email to John Podesta, the campaign manager, that started the chain of events which compromised the Clinton Presidential Campaign.
Jeh Johnson, Secretary of Homeland Security, and Cyrus Vance, Jr., the Manhattan District Attorney, recently spoke at a security conference in New York City. Fortune reported on the event. At the event, Secretary Johnson reiterated his long-standing warning about the perils of evil emails that appear to come from a trusted source. Secretary Johnson observed, "The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing." District Attorney Vance echoed the Secretary's observations: "Phishing—mundane as it is—is the biggest threat we face and need to tackle." Bad guys [...]
The press is widely reporting the Wikileaks postings of John Podesta's emails. John Podesta is Hillary Clinton's campaign manager. How was John Podesta's email account compromised? The Associated Press provides a step-by-step account of how, it appears, Podesta's emails were stolen. Step 1. The hackers sent Podesta an email telling him that someone was trying to log into his Gmail account and he should reset his password. This is the email that is posted in Wikileaks: Step 2. Podesta, to his credit, sent this to his IT experts for advice. Step 3. Clinton's campaign help desk staffer Charles Delavan wrote [...]
Apache Corporation is an oil-production company based in Texas. In 2013, Apache was the victim of a Business Email Compromise (BEC). At the heart of the scheme was a spearphishing email that appeared to come from Apache's vendor Petrofac Limited. Apache’s accounts-payable department received an email from “petrofacltd.com”. Unfortunately for Apache, Petrofac's real domain is "petrofac.com". The criminals created “petrofacltd.com” to deceive Apache's accounting personnel. The deception worked and Apache paid $7 million according to the updated payment instructions received from “petrofacltd.com”. Unsurprisingly, the real Petrofac complained about not getting paid. An investigation was conducted which revealed the email fraud. While some of the stolen money [...]
The news is full of reports about compromised emails of important public officials and political leaders. While we don't know for sure who is behind the compromise of these emails, all indications are that the Russians are behind this. One of the leading investigators of this problem is Crowdstrike, who waxes poetic about the sophistication and technical prowess of the attackers. What are these bad guys doing that requires the resources of a country? Is this some kind of cyber atomic bomb coming out of a massive cyber Manhattan project? No. Ars Technica shows us exactly what the attackers are doing. They [...]
ThreatConnect has posted an excellent item detailing how somebody (Russia???) is using spearphishing to undermine Bellingcat, an open source research firm that contributed to the MH17 investigation. MH17 is the Malaysia Airlines airliner that someone shot down over Ukraine on July 17, 2014, killing all 283 passengers and 15 crew on board. If you visit the Bellingcat website you will see why the Russians would not be pleased with its content. Knowing the details of how bad guys use spearphishing emphasizes the need to identify and avoid evil emails.
Buzzfeed is reporting that U.S. Senate staffers recently received cybersecurity training. What was the substance of the training these key government employees received? What can you learn from this? The answer: “Don’t click on spear phishing emails.” All that is left to do is determine which ones are the spearphishing emails so that you don't click on them. That's not so easy to do because the bad guys write emails that look real! Help unmask fake emails so that you don't click on phishing emails. Use SP Guard.