Phishing Tactics that Work

In 2013, the SANS Institute reported that 95% of all successful attacks begin with a spear phishing email.  Two recent and well publicized attacks, the Anthem breach and the Carbanak Bank robbery, can be traced back to spear phishing emails.  While your organization may not be a large enterprise like these, you can be used as a way into your larger clients;  this is what happened to Home Depot and Target.

phishing2Any organization with sensitive data is a target of opportunity.  Spammers and cybercriminals have learned that the more precisely they craft their spear phishing emails, the more likely you are to click.  Once this happens, they will download their malware on to your system and steal your valuable data.

So what exactly are spam, phishing and spear phishing emails?

  • Spam: These are unsolicited emails typically trying to sell you something legitimate, or not, and may contain malware or malware hyperlinks.  Mostly these are an annoyance.
  • Phishing: Is targeted at a wide range of recipients, “Click Here to Get Free Pizza“, specifically crafted to get your login credentials or to deliver a malware payload.
  • Spear Phishing: Has the same criminal objective of a phishing email however it is specifically designed to get your attention.  The email may look as if it came from someone you know or an organization you do business with. It might contain information that you believe only you and your friends would know about; like the vacation you took to Aruba where you uploaded your photos to Facebook.  The criminal’s goal is to have you drop your guard and respond.

One more important term that you may not be aware of is the Time Bomb.  This term is used in conjunction with phishing or spear phishing attacks.  Cybercriminals know that most organizations use spam filters.  These filters attempt to verify the reputation of inbound emails and any links contained within them.  In these emails, clean URL’s are incorporated to avoid being initially blocked or lost in spam filters.  Some time after the email makes it to your Inbox, they activate the malware in what was initially a clean URL.  Now when you click on the URL link, you become infected.

 What should your organization do?

  1. Implement network security technologies and put acceptable use policies in place.  These are the foundation of a good layered approach to securing your network and data.
  2. Ensure all members of the organization get annual security awareness training.  Do they understand what phishing emails are and how to protect themselves and your organization from them?
  3. Investigate whether your spam filter has multiple methods for scanning and verifying the reputation of inbound emails.
  4. Consider implementing an additional layer of security to rescan external email links when a user clicks on one.

How can Systems Engineering help?

  1. We offer a Security Awareness Training program which provides an assortment of video content to choose from along with tracking end-users who have completed the training.  Additionally, we can setup regular and anonymous simulated phishing attacks to reinforce the training.
  2. Our SE CleanMail spam filtering service is built on a best-of-class technology with multiple scanning engines to block as many spam and phishing emails as possible.
  3. For those phishing emails which may get through, such as those using “Time Bomb” tactics, SE CleanMail has the ability to turn on a “ClickProtect” option that will rescan links when clicked on from the end-user’s Inbox.


Contact SE here for more information on how best avoid these tactics.