There is a new phishing threat making the rounds which combines a fair amount of research on the attacker’s part with a bit of social engineering.
Over the last few weeks, a number of our customers have seen what looks like an internal email from their CFO, CTO or CEO asking for funds to be released to a particular party. Normally it appears to come from the ‘owner’ of the company (no one likes to question the owner).
The attackers are buying domains which are very similar to the victim’s domain. As an example, the attacker would buy Layerr3.nz (with an extra R) and send emails imitating me.
The emails usually contain a signature that is almost identical to the one used by the victim. This shows the attacker has done research and has possibly seen emails previously sent from within the company.
Because of the nature of this threat, it is almost impossible for IT/security providers to block these emails effectively. However, there are steps your business can take to better protect itself:
- Train staff on what to look for in forged emails, including domain names, spelling mistakes and tone of voice.
- Remove key contacts from your website. The CFO and CEO are normally the main targets of this attack.
- Review your payment processes, possibly including two levels of sign-off.
- Investigate an internal social engineering penetration test. This is something Layer3 can assist with.
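As an added example (not code from the original post), the Python below shows how a mail gateway or SIEM rule could flag the lookalike-domain pattern described above: a sender domain within a couple of character edits of the organisation’s real domain, or a display name matching an executive while the address is external. It assumes layer3.nz as the trusted domain; the executive names and sample messages are constructed.

```python
# Triage of inbound sender addresses for the lookalike-domain / executive-impersonation
# pattern. Constructed example: trusted domain and names are assumptions, not real data.

TRUSTED_DOMAINS = {"layer3.nz"}            # assumption: the organisation's real domain
EXECUTIVES = {"jane doe", "john smith"}    # assumption: constructed CEO/CFO display names
MAX_EDITS = 2                              # how close a domain must be to count as a lookalike


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts/deletes/substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(display_name: str, address: str) -> str:
    """Return 'trusted', 'lookalike-domain', 'executive-name-external' or 'external'."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # e.g. layerr3.nz is one edit away from layer3.nz
        if edit_distance(domain, trusted) <= MAX_EDITS:
            return "lookalike-domain"
        # e.g. layer3-nz.com embeds the real brand label in a different domain
        if trusted.split(".")[0] in domain:
            return "lookalike-domain"
    # Real executive name on a free-mail or other external address
    if display_name.strip().lower() in EXECUTIVES:
        return "executive-name-external"
    return "external"


# Constructed sample headers: (display name, From address, subject)
SAMPLE_MESSAGES = [
    ("Jane Doe", "jane.doe@layer3.nz", "Q3 numbers"),
    ("Jane Doe", "jane.doe@layerr3.nz", "Urgent payment required"),
    ("Jane Doe", "jane.doe@gmail.com", "Need a favour"),
    ("Acme Supplies", "billing@acme-supplies.example", "Invoice 1234"),
]


def triage(messages=SAMPLE_MESSAGES):
    """Return [(address, verdict)] for every message that is not from a trusted domain."""
    results = [(addr, classify_sender(name, addr)) for name, addr, _ in messages]
    return [(addr, verdict) for addr, verdict in results if verdict != "trusted"]
```

Anything returning a lookalike or executive-name verdict is a candidate for quarantine or a warning banner rather than delivery straight to the finance team.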
As attackers become more sophisticated, it’s important to stay vigilant and ahead of threats. If you have any concerns about these threats, please contact us.