ALERT: A VERY INTENSE (AND SUCCESSFUL!) PHISHING SCAM
Over the past few months, companies have been hit with increasing frequency by a phishing scam that is fairly predictable…AND very successful!
The scam usually follows this 5-step pattern:
- A known vendor or customer is victimized by a phishing attack. Their email credentials are compromised, and the cybercriminals get access to their email account and contact list.
- The cybercriminals change the password to the email account, so that the victim no longer has control.
- The cybercriminals go through the victim’s past emails and choose a contact to target. Using the victim’s account, signature, and logo, the cybercriminals send out targeted emails that closely resemble legitimate correspondence they have had with the chosen contact in the past.
- Depending on the cybercriminals’ dedication (and skill level), the emails could be fairly generic or extremely specific. Companies have received scam emails with an inquiry that referenced a real, specific invoice # for that contact.
- The email always includes a spreadsheet or PDF. The file name can be generic or very specific. Companies have received attachments titled with a real, specific invoice # for that contact.
Because these emails are coming from a real email account for a real business partner or vendor, they are very hard to identify. In some cases they are literally impossible to detect, because of the cybercriminals’ skill at copying past legitimate emails.
Naturally, a few of the cybercriminals sending these out aren’t as skilled and send fairly generic emails with poor grammar or spelling, but others are indistinguishable from real emails.
So, How Do You Tell a Real Email from a Fake One?
Follow the golden rule: Did you ask for this attachment?
If you didn’t, DO NOT open the attachment. Then double-check with the sender (preferably via phone, since their email is compromised and no longer under their control!) and ask whether they sent it and why.
Unfortunately, there’s not much more that can be done with this level of sophistication.