Recent Spear Phishing Attacks

Recently one of my corporate customers weathered an email spear phishing attack.  An administrative assistant received an email purportedly from the CEO, but the details were a bit off.  The assistant questioned a fact implicit in the email, that the CEO would have known.  The assistant called me to investigate, and investigate I did!

It turns out the email only appeared to be from the CEO.  It actually was from a criminal masquerading as the CEO using a purposely similar email address.  Here is an example to illustrate this technique.  Suppose you normally email bill@microsoft.com.  One day you get an email from bill@microosoft.com asking you for confidential information.  See the difference in email addresses?  One is microsoft.com and the other microosoft.com; notice the double ‘o’ in the second address.  Many times people will not even notice the difference and unknowingly provide the criminal with the requested confidential information.

This type of data breach could lead to something very costly to the business being attacked!

Have a look at this link, which explains a bit of what spear phishing is and how to protect your company: https://ca.norton.com/spear-phishing-scam-not-sport/article

One of the top things to do to protect your company is to talk to your employees, make them aware of this kind of attack and what can be done to avoid it.  Don’t put off that task too long; the bad guys are constantly looking for more targets and your business could be next!

Dennis Strain
Enclave Managed Networks
Box 365, Smithers, BC, Canada V0J 2N0
1-250-847-2589 office
dstrain@enclave365.ca