Spear phishing attacks targeting business users via their personal accounts

Recently, we have seen an increase in spear phishing attacks targeting business users via their personal accounts. Spear phishing is an email campaign aimed at specific people, or groups of people, designed to get a response from the targeted account so that the phisher or scammer can use its details for fraudulent purposes. Spear phishing emails will often include information known to be of interest to you, the targeted person or group, such as a current event in your industry or financial documents.

Here are some examples and highlights:

Personal Email Delivery

The email example below was recently sent to a staff member’s personal email address, requesting confirmation of their organisation’s Microsoft work account. The staff member clicked the phishing link in their personal email, but the attack was targeting their business Microsoft credentials, not their personal ones.

Hackers know that corporate email is better protected than personal email, so targeting users via their personal email is often easier.

Lateral Phishing

A staff member at a building company opened a spearphish message sent from a valid email address, from a known business associate at a local Home Builders Association.

The previous day, an executive at the Home Builders Association had their own corporate email account hacked. Because that address was already trusted by the recipient, the hacker used it to send the spearphish to the targeted user at the building company.

The email contained a View Document button, referring to a proposal that the recipient was likely expecting. The full email included the sender’s signature and headshot photo, making it appear all the more genuine.

Netflix Surge

There has also been a large surge in Netflix phishing attacks being clicked.

Numerous attacks like the one above were seen. They use temporary websites that only stay active for a short period, and after collecting the victim’s login details the phishing page redirects them to a legitimate Netflix help page, so the victim may not realise anything is wrong.

Most of the phishing links refer to billing or payment.

Mitigations

  • Make your employees aware of attacks on high-risk logins especially via personal emails
  • Educate employees that phishing messages received in their personal email can be a serious risk to the business
  • Educate employees to be very careful when opening links, even when they are delivered from trusted email addresses
  • If you receive an email from a trusted email address and you’re unsure whether a link to an external site is genuine, a good old fashioned phone call doesn’t go amiss to confirm the authenticity of the email you’ve received.

If there is ever any doubt at all, never click on a suspicious link, but rather speak to your trusted IT professional, Bean IT, about it.
