Online fishing activities
Phishing Security Check
Phishing attacks are widespread. They trick recipients into opening email links and attachments by using familiar sender names and common email subjects. Attackers use a "fishing net" approach, not caring who the victims are, only aiming for a significant number of successful attacks.
Advanced spear phishing, as its name suggests, involves attackers stealing email passwords and then retrieving your emails. They specifically target emails related to money, altering the deposit destination before returning the email to your inbox. This more targeted form of phishing uses topics directly relevant to the target to pique their interest. Using this tactic, victims are more likely to trust the sender and open emails and attachments, leading to a successful attack.
FreeMilk is an advanced spear-phishing campaign that doesn't lure targets into downloading malicious attachments with topics; instead, it hijacks ongoing email conversations.
example
- Alex (A) and Peter (P) are having an email conversation.
- Attacker John (J) launches an attack to steal A's authentication in order to gain control of Alex's email account password.
J uses A's email account to receive and send emails containing attachments that appear to be ongoing email conversations between A and P regarding money, and changes to payment details.
- After receiving the email, P assumed it was from A, so he opened the modified attachment and successfully launched the attack.
If your company needs to prevent phishing activities, Insight's phishing security assessment service can meet your needs, ensuring your systems operate securely.