Fresh Phish. (So Many Puns, So Little Time.)


May 23, 2017 | Category: Threats | By: Fraser Kyne


Today’s phish blog breaks our format a bit so we can bring you lots of examples. Enjoy. And then get protected!

Phishing is prevalent because it works. Even savvy users can be tricked into opening the wrong emails.

I’ve seen a couple of clear examples of this recently. The first is one that quite convincingly mimics the invoice emails from a fairly significant UK web hosting provider:

Here's our first phish.

A PDF file was attached to the email. When the PDF was opened it asked the user to allow an embedded Word document to open. So, the user had another chance to do the right thing…

Phish choice.

But of course, they didn’t. They allowed the file to run…

Phish food.

… and without Bromium protection, they would have been pwned.
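A mail-gateway style triage check for the delivery pattern in this first sample (a PDF that offers to open an embedded document), added here as an example; it is not Bromium's code and is not taken from the Threat Report. It assumes such PDFs pair an embedded-file entry with a script or launch action and an automatic trigger; the token list, verdict names and sample bytes are constructed for illustration.

```python
import re

# PDF name tokens worth flagging on an inbound attachment (assumed triage list).
SUSPICIOUS = ("/EmbeddedFile", "/EmbeddedFiles", "/JavaScript", "/JS",
              "/OpenAction", "/AA", "/Launch")

def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so an obfuscated /Java#53cript reads /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def count_names(data: bytes) -> dict:
    """Count each suspicious name, matching whole names only."""
    data = normalize_names(data)
    counts = {}
    for name in SUSPICIOUS:
        # A PDF name ends at whitespace or a delimiter, so /JS never matches /JSFoo.
        pattern = re.escape(name.encode()) + rb"(?=[\s/<>\[\]()%]|$)"
        counts[name] = len(re.findall(pattern, data))
    return counts

def triage(data: bytes) -> str:
    """Return 'not-pdf', 'pass', 'review' or 'quarantine' for one attachment."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    c = count_names(data)
    embedded = c["/EmbeddedFile"] + c["/EmbeddedFiles"] > 0
    active = c["/JavaScript"] + c["/JS"] + c["/Launch"] > 0
    automatic = c["/OpenAction"] + c["/AA"] > 0
    if embedded and active and automatic:
        return "quarantine"   # embedded payload that something tries to open on load
    if embedded or active:
        return "review"       # unusual for an invoice, but not the full pattern
    return "pass"

# Constructed sample: structure only, with a placeholder where a script would be.
SAMPLE_DROPPER = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R"
    b" /Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
    b"3 0 obj << /S /Java#53cript /JS (placeholder) >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
)
# Constructed sample: an ordinary single-catalog PDF skeleton.
SAMPLE_INVOICE = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("dropper", SAMPLE_DROPPER), ("invoice", SAMPLE_INVOICE)):
        print(label, triage(blob), count_names(blob))
```

A byte scan cannot see names stored inside compressed object streams, so a "pass" verdict only means the pattern was not visible in the clear.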

Now, I know you’re thinking: “I’ve trained my users. They’re too smart to open a file like this.” And you may be right (but probably not).

But then have a look at this example of a phishing email that one of our employees recently received:

Phish fry.

As you can see, this one is quite targeted. I’ve obscured his correct home address that was part of the email.

The Word document attached was a .dot (template) file, and the file name was the recipient’s surname. When the user opened the attachment it prompted for the password that was provided in the phishing email:

Phish market

It then ran a macro to conduct its nefarious business…

Swedish Phish

So would your users open an attachment in an email sent to them with their correct home address, when the file name was also their surname? Hmm…

(I was in the room with a senior IT exec recently who admitted to me: “I’ll open anything that concerns my family or my money.” This is the reality that we have to face.)

Thankfully, the recipients of the two emails I’ve discussed in this blog are Bromium users. They opened the emails, the malware ran, it was isolated, and nothing bad happened to them. They could just carry on with their working day. At the same time, their security teams received rich data about the modus operandi of the malware – which they could use to improve their defense-in-depth, or perhaps choose to share with others so they could get the benefit of this intelligence.

For example, below are a couple of snippets of the Threat Report from the first PDF above. If you have any questions about this, please contact us (ask for Fraser!). I’d love to show you a demo.

Phish license

Phish food.

 


About the Author

Fraser Kyne
EMEA CTO at Bromium
