Hacked ? No, just spear #phishing


Our emails have been hacked, this account has been compromised, I’ve notified all the other members of staff – what can we/you do ?

This was basically an email that Hightrees received from a client recently.

Upon investigation, there was no hack: no rogue activity or logins on the sending email account at all.

When we actually found a copy of the email in question, it all became clear.

The email was a pretty typical, and increasingly common, “spear phishing” email.

So how does spear phishing work ?

In a nutshell, this is where an email is sent that appears to come from a known source/name, but the sender is actually not the person you think it is.

The email security software had flagged the email in question as a potential issue, but it couldn’t be certain.

As this information might be useful to others, below is a breakdown of some things to look for :

Display name is Mr CEO
This is purely what is displayed as the person sending it. This is normally someone known to the person receiving the emails. The names of people in the Management Team, the owner, Directors etc are often available on company websites, Social Media or via Companies House.

Many businesses and organisations have email information available to the general public, so making something appear to come from “The Boss” lends an air of confidence to the email. This happens with many businesses – “it’s an email from the boss I must reply…” at first glance.

Email Address – executivecommitte286@gmail.com
As you can see, this is not an internal company email address. Technically this could still be a valid email if it was a personal email account.

Email Contents
The first email was along the lines of

“I’m really busy, can you do me a favour ?”

Nothing spammy, nothing to immediately raise concerns – after all it is a message from “The Boss”.

Once a reply was sent, the tone of the email was still kept conversational and went along the lines of :

“I need to organise a prize for the next meeting, but I’m going to be tied up on a video conference – can you help me organise this please ?”

Again, no big red flags, no dodgy links – The Boss is busy and needs MY help.

There was a bit of to and fro – “give me an hour and I’ll give you the details” until the crunch point came.

“I need you to get hold of some Apple iTunes gift cards, if you can get 4 x £50 and 1 x £100 and scratch off the codes and email them to me I can do the rest. If you could do it within the next couple of hours it would be a life saver…..”

This is tailored for a growing scam, where people are persuaded to purchase gift cards and then pass on the codes to a 3rd party. Sometimes this is blatantly obvious and out of character for the person you think has sent the message; on other occasions it may seem normal.

The contents of spear phishing emails vary greatly, but they tend to be targeted to a specific aim rather than just dodgy weblinks as this helps the email appear genuine. Emails tend to be more conversational than typical spam/malware style attempts which helps with the “it must be genuine” feel.

As the first email that comes through is pretty basic (are you free, can you contact me), it’s human nature to respond, as you think you know who you are talking to. Once this conversation starts, you are adding to the credibility of the mail, so further spam/security checks become lower.

If in doubt, always contact the person via the proper email address/telephone to confirm.
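The display name and email address checks described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from Hightrees or any email security product: the company domain, the staff list and the "known personal address" entry are constructed placeholders, and only the sample From line reuses the values quoted in this article.

```python
from email import message_from_string, policy

# Constructed values for illustration; replace with your own directory data.
COMPANY_DOMAINS = {"example.co.uk"}
STAFF = {
    # display name -> personal addresses the person has confirmed out of band
    "Mr CEO": {"ceo.home@example.net"},
    "Jane Director": set(),
}

def _norm(name):
    """Case-fold and collapse whitespace so 'MR  ceo' matches 'Mr CEO'."""
    return " ".join(name.casefold().split())

_STAFF_NORM = {_norm(n): {a.lower() for a in addrs} for n, addrs in STAFF.items()}

def classify_sender(raw_message):
    """Return a verdict for the From header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return "no-from-header"
    sender = header.addresses[0]
    domain = sender.domain.lower()
    name = _norm(sender.display_name)
    if domain in COMPANY_DOMAINS:
        return "internal"  # forged internal domains are for SPF/DKIM/DMARC to catch
    if name not in _STAFF_NORM:
        return "external-no-staff-name"
    if sender.addr_spec.lower() in _STAFF_NORM[name]:
        return "external-known-personal"  # the "valid personal account" case
    return "external-impersonation-suspected"

# Constructed sample using the display name and address quoted in the article.
SAMPLE = (
    'From: "Mr CEO" <executivecommitte286@gmail.com>\n'
    "To: staff@example.co.uk\n"
    "Subject: Quick favour\n"
    "\n"
    "I'm really busy, can you do me a favour ?\n"
)

if __name__ == "__main__":
    print(classify_sender(SAMPLE))
```

A verdict of external-impersonation-suspected is a prompt to add a warning banner or hold the message for review, not proof of fraud, which matches the "potentially an issue" flag the security software raised here.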

Conclusion


Luckily in this instance, somebody twigged that something wasn’t right and raised concerns.


Whilst easier said than done, it is important not to over-react in these situations. 

Panic emails mentioning danger words like “hack”, “compromised”, “security” etc. do unintentional damage to both the users’ faith in the system and the supplier of any of the services mentioned, especially if you jump the gun and email ALL of your contacts to say you have a problem.

You then run the risk of having to deal with the original problem and then dealing with the Chinese whispers fallout.

Please get in touch if you would like advice on email security and the services Hightrees can offer to help protect your email systems.