Old phishing emails used to be relatively easy to spot: They usually came with suspect subject lines and users could easily delete them without opening them.
Those who failed to recognize them by their subject lines could immediately identify them by their overly formal greetings, foreign origins, spelling and grammar errors, and their near-insistence on sending the recipients millions of dollars or selling them suspicious products. The easiest way to deal with phishing attempts was to simply hit Delete.
That’s no longer the case today.
Here’s how phishing attacks have become a more serious security problem that you need to prevent or address effectively.
1. The phishing emails are now crafted by professional criminals.
Professional criminals and organized crime seem to have taken over the phishing business, hence the higher-quality e-mails in users’ inboxes. Today, these cybercriminals need only send out a few well-crafted e-mails to gain a foothold in targeted companies.
2. The phishing emails are sent by someone the victims know.
Professional criminals have long since realized that their spearphishing emails won’t yield the results they want if they’re still being sent by someone who immediately raises eyebrows, like a prince from a country far away. The new and improved phishing emails often appear to be sent by a boss, a team leader, or anyone else in the management chain. This ensures that the victim opens the e-mail and will likely do whatever the email says.
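A mail gateway or triage script can check for this kind of borrowed identity before the message reaches the reader. The following is an added example, not code from the original article; the domain `example.com`, the protected-person directory and the sample messages are all assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: our mail domain and the people worth impersonating.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED = {"Dana Whitfield": "dana.whitfield@example.com"}

def normalize(name):
    """Lower-case, drop punctuation, sort tokens ("Whitfield, Dana" == "Dana Whitfield")."""
    cleaned = "".join(ch if ch.isalnum() else " " for ch in name.lower())
    return " ".join(sorted(cleaned.split()))

PROTECTED_BY_NAME = {normalize(n): a for n, a in PROTECTED.items()}

def impersonation_findings(raw_message):
    """Return the reasons a message's sender identity looks borrowed."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()
    domain = addr.rpartition("@")[2]
    findings = []

    expected = PROTECTED_BY_NAME.get(normalize(display))
    if expected and addr != expected:
        findings.append("protected display name on an unexpected address")
    if reply_to and reply_to.rpartition("@")[2] != domain:
        findings.append("Reply-To domain differs from From domain")
    # Only trust an Authentication-Results header stamped by your own gateway.
    auth = msg.get("Authentication-Results", "").lower()
    if domain in INTERNAL_DOMAINS and "dmarc=pass" not in auth:
        findings.append("internal From domain without a DMARC pass")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Whitfield, Dana" <dana.whitfield@example.net>\n'
    "Reply-To: dana.whitfield@example.org\n"
    "Subject: Here are my updates to the report you sent\n"
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.net\n"
    "\nPlease open the attachment.\n"
)
GENUINE = (
    "From: Dana Whitfield <dana.whitfield@example.com>\n"
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.net\n"
    "\nSee you at the review.\n"
)
```

Note that the spoofed sample passes DMARC for its own domain: sender authentication alone does not catch a familiar name on an outside address, which is why the display-name comparison is a separate check.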
3. The e-mail sender knows the projects you’re working on.
Today’s spearphishers do their homework. That’s how they know details like what e-mails their target is expecting to see in their inbox. Their e-mails often come with messages like “Here are my updates to the report you sent,” with an attached copy of a report originally sent by the receiver, except it now includes an updated auto-launch malicious link. Or they may catch the receiver’s attention with an urgent announcement or upsetting news, with a link to a malicious article or webpage that appears related to the project.
4. Cybercriminals monitor their targets’ emails.
Sophisticated corporate attackers monitor dozens of email accounts in their target company to get a handle on the context they need to fool their victims and track the most sensitive and valuable information handled by the company.
The only way to address this threat is with a network that is “out of band.” This includes brand-new computers and new email accounts.
5. Attackers can grab and change emails whenever they need to.
When they act along these lines, the results may include the following: key recipients being removed from the email’s receiver list, more receivers being added, email groups being modified, and encryption and signing being turned off.
6. Attackers are now using custom or built-in tools to corrupt antivirus software.
Custom tools are the new standard in modern phishing attacks, forged and encrypted specifically for their target. So are programs built into the operating system of a targeted company. Either way, their target’s antimalware scanner fails to pick up the malicious file or commands.
7. Attackers tunnel your data home with military-grade encryption.
Rather than use randomly picked ports to copy data off of their targeted network, every malware program now works over SSL/TLS port 443 and uses industry-accepted, military-approved AES encryption. Most companies have practically no visibility into port 443 traffic. Even those that use firewalls and other network security devices to see into 443 traffic, by replacing the intruder’s 443 digital certificates with their own, find that the traffic remains impenetrable when the data in the 443 stream is further encrypted by AES.
8. Attackers have gotten good at covering their tracks.
In response to IT defenders diligently and routinely enabling and checking logs, attackers have adopted such techniques as command-line and scripting commands, which are less likely to be picked up by event logging tools, or they simply delete the logs when they are finished. The more sophisticated attackers use rootkit programs, which can maliciously modify operating systems to skip the execution of their malicious tools.
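Deleted logs leave their own traces when events are forwarded to a central collector: Windows records a "log cleared" event (ID 1102 for the Security log, 104 for other logs), and a normally busy host goes silent. The following is an added example, not part of the original article, that looks for both signals; the export format, host names and one-hour threshold are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Windows event IDs recorded when a log is cleared:
# 1102 = Security audit log cleared, 104 = another event log cleared.
LOG_CLEARED_IDS = {1102, 104}

# Constructed sample export: "timestamp,host,event_id" (not real telemetry).
SAMPLE = """\
2024-03-01T09:00:05,ws-17,4624
2024-03-01T09:04:40,ws-17,4688
2024-03-01T09:09:12,ws-17,4688
2024-03-01T13:45:00,ws-17,1102
2024-03-01T13:46:30,ws-17,4624
2024-03-01T09:01:00,ws-22,4624
2024-03-01T09:06:00,ws-22,4688
"""


def parse(export):
    """Yield (timestamp, host, event_id) tuples from the export text."""
    for line in export.splitlines():
        if line.strip():
            ts, host, event_id = line.split(",")
            yield datetime.fromisoformat(ts), host, int(event_id)


def tamper_signals(export, max_gap=timedelta(hours=1)):
    """Flag log-cleared events and long silences on a normally chatty host."""
    signals, last_seen = [], {}
    for ts, host, event_id in sorted(parse(export)):
        previous = last_seen.get(host)
        if previous and ts - previous > max_gap:
            signals.append((host, "gap", previous.isoformat(), ts.isoformat()))
        if event_id in LOG_CLEARED_IDS:
            signals.append((host, "cleared", ts.isoformat(), event_id))
        last_seen[host] = ts
    return signals
```

The check only works on copies of the events held off the host, since an attacker who clears the local log also controls whatever stays on that machine.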
9. Attackers can go undetected for years.
Professional criminal organizations are often able to stay undetected in their victim’s company for months or years. It’s even possible for a company to have more than one gang within it, avoiding detection for years.
10. Attackers are no longer scared of getting caught.
These days, attackers are not particularly interested in avoiding getting caught, identified, and prosecuted. That’s because they are likely based in a foreign country where their victim’s legal jurisdiction and warrants don’t work. Using legal evidence, the victim company may be able to identify the firm, its hackers, and its physical address, but their local authorities won’t be able to do anything.
Up your security level by getting rid of the most vulnerable link in your security chain: passwords.
Go passwordless and adopt multifactor authentication in tandem with single sign-on for multilayered security and guaranteed convenience. With passwordless MFA and passwordless SSO, you provide both your employees and your customers a better user experience.
Contact TraitWare today to learn more about how our simple yet comprehensive plug-and-play passwordless solution can streamline your business processes, improve employee productivity, and increase your savings.