Spear Phishers are Winning, Here is a Real Example

Please be aware, the spear phishers are getting even more crafty and almost impossible to stop. One of our clients just lost hundreds of thousands of dollars in a spear phishing wire fraud attack that used this technique. Here is how they do it:

Step 1: Compromise an email account or accounts (on-prem Exchange, Office 365, etc.).

Step 2: Silently create FORWARD and DELETE rules that allow them to monitor the email account(s) for terms such as “wire”, “funds”, “transfer”, etc.

These images are from a real attack on one of our client’s Office 365 users. It was very obvious what they were up to, but only if you knew the rules had been created. Fascinating to see inside the mind of a phisher.

Step 3: Use that insider information to craft extremely insightful spear phishing attacks targeting people who do things such as wire transfers. They know the right terms, people, sources, destinations, and project names to make the phish email seem completely in line with normal procedures.

Step 4: When the money is transferred, it is immediately converted to Bitcoin and lost forever.

What can you do to help prevent this?

  1. Educate yourself. Perhaps attend a TNS security-focused seminar or training event. Check out our events page and sign up!
  2. Use MFA (Multi-Factor Authentication) everywhere, including on email access.
  3. Monitor the Dark Web for end-user credentials being offered for sale.
  4. Monitor email for rule creation. For example, get alerted when a FORWARD rule is created that forwards email to an outside domain.
  5. End-user security awareness training and testing.
  6. Monitor high-value email accounts (CxO, accounting, HR, IT, etc.).
  7. Review your processes for doing money transfers. Make sure there is a “human element” such as a phone call from a known party before any large transfers.
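
The rule check from recommendation 4, applied to the FORWARD and DELETE pattern from Step 2, as an added example (not TNS code and not data from the incident). The record layout is a simplified assumption: one dict per inbox rule, keyed by Exchange `New-InboxRule` parameter names, with `example.com` standing in for your own mail domain.

```python
import re

# Assumption: your own mail domains; every other domain counts as "outside".
INTERNAL_DOMAINS = {"example.com"}
WATCH_TERMS = ("wire", "funds", "transfer")  # terms named in Step 2
# New-InboxRule parameters that send matching mail to another address.
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
KEYWORD_PARAMS = ("SubjectContainsWords", "BodyContainsWords",
                  "SubjectOrBodyContainsWords")
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def is_internal(domain):
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def external_recipients(rule):
    # Collect every forwarding target whose domain is not one of ours.
    found = []
    for param in FORWARD_PARAMS:
        for m in ADDR_RE.finditer(str(rule.get(param, ""))):
            if not is_internal(m.group(1).lower()):
                found.append(m.group(0).lower())
    return found

def assess_rule(rule):
    # Return the findings for one rule record; an empty list means no alert.
    findings = []
    ext = external_recipients(rule)
    if ext:
        findings.append("forwards to outside domain: " + ", ".join(ext))
    text = " ".join(str(rule.get(p, "")) for p in KEYWORD_PARAMS).lower()
    hits = [t for t in WATCH_TERMS if t in text]
    if hits:
        findings.append("filters on money terms: " + ", ".join(hits))
    # Deleting matched mail keeps the mailbox owner from seeing the thread.
    if str(rule.get("DeleteMessage", "")).lower() == "true" and (ext or hits):
        findings.append("deletes the matched mail")
    return findings

def scan(rules):
    # Map mailbox -> findings, keeping only rules that raised something.
    return {r["Mailbox"]: f for r in rules if (f := assess_rule(r))}

# Constructed sample records for illustration only.
SAMPLE_RULES = [
    {"Mailbox": "ap@example.com", "Name": "..", "ForwardTo": "smtp:drop@mail.invalid",
     "SubjectOrBodyContainsWords": "wire;funds;transfer", "DeleteMessage": "True"},
    {"Mailbox": "ceo@example.com", "Name": "To assistant",
     "ForwardTo": "assistant@example.com"},
]

if __name__ == "__main__":
    for mailbox, findings in scan(SAMPLE_RULES).items():
        print(mailbox, findings)
```
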

TNS can assist you with any of the above recommendations and much more. Let us know how we can help. Be safe out there.

Author: Dave Norwood

About Trusted Network Solutions:

TNS is a leading Value Added Reseller providing secure network systems and solutions to the SMB and enterprise markets. TNS offers best-of-breed technical solutions acquired, installed, secured, and maintained using the most cost-effective methods available. www.trustednetworksolutions.com

