pctechguide.com


Case Study on a Spear Phishing Campaign from the Energy Sector

Earlier this week, we wrote an article on the threats of spear phishing. We thought we could drive the lesson home with a story about a spear phishing attack that happened recently.

A very sophisticated spear phishing campaign has exploited a major energy company. The scam used a clever ruse to get around the organization’s Microsoft email security software. It relied on a complicated phishing attack that was sent from Google Drive. According to Aaron Riley, a researcher from cybersecurity firm Cofense, the scammers impersonated the CEO of the organization. They sent an email via Google Drive and said they were “sharing an important message” with the employees. Nobody wanted to disbelieve the CEO of the company.

The email was not sent directly by a hacker. The originator of the email was actually Google Drive. It was received by subordinates, but it carried a major warning sign: the email address did not conform to the company’s internal naming convention for emails. But most employees wouldn’t take the time to verify the threat and clicked the link anyway, Riley told us. This shows that the desire to avoid investing a few seconds to verify something can be a tragic mistake.

The link was embedded in the email content. It led to a legitimate Google Drive filled with numerous documents that employees could download. Microsoft’s email spam detection tool does not determine the destination the user will be taken to after clicking a link on the Google Drive. Even though the Google Drive link may not look malicious, the final destination the user is referred to could contain malware or be part of a social engineering scheme. As a result, the user could be lulled into a false sense of security.

Let’s review the email received by employees:

Dear colleague, I want to share a few thoughts and deliver a quick review regarding topic X. These thoughts will be explained in detail. All employees are obligated to read, know and interpret it, as well as share their opinions. I appreciate your constant help in improving our organization. CLICK HERE TO SEE THE UPDATE. Note: the message is of great import and all workers should view the link.

Riley explained that scanning past the first link wouldn’t solve the problem. The email inspection application still would not be able to evaluate links that were present on the following pages unless the user was trying to download them.

The phishing attack was not detectable, because there was not an immediately visible threat.

Once a user accessed a document on Google Drive, nothing immediately happened that was malicious. The targets were given an explanation of a public business decision by the “CEO” and then asked to view a related document via another link.

Any employees who decided to click the link embedded in the Google Drive document were sent to a fake login page on a recently registered domain. Once the victims entered their credentials, those credentials were passed to the scammers.

The real lesson here is that employees could have been taught to look for suspicious emails and could have prevented the attack. In addition to the fact that the CEO’s email address was incorrect, the information about the “business decision” was over a year out of date. Additionally, two sentences in the document contained very poor English: “I appreciate your constant help in improving our organization” and “the email is of great import and all employees should access the link”, which are informal. This is already a warning sign that should not have been missed.

Riley noted that exactly the same sentences were seen in a similar scam that had targeted major universities, indicating that the hacker has a known MO, which will make it easier to detect future phishing. By recognizing sentences that have already been used, a future attack could be identified. It is important, then, to pay special attention to the content of an email you receive.
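The two warning signs discussed above, the sender address that breaks the internal naming convention and the reused sentences, can be checked mechanically. The following is an added example, not code from Cofense or from this article; the domain `energyco.example`, the `first.last` convention, the display name "Jane Doe" and the message headers are assumptions made for illustration. It matches phrases approximately at the word level, because the lure quoted earlier and the sentences quoted in the analysis differ by a few words and an exact string search would miss the second one.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# The two sentences the article reports as reused across campaigns.
KNOWN_PHRASES = [
    "I appreciate your constant help in improving our organization",
    "the email is of great import and all employees should access the link",
]
# Hypothetical internal naming convention: first.last@energyco.example
INTERNAL_ADDR = re.compile(r"^[a-z]+\.[a-z]+@energyco\.example$")
EXEC_NAMES = {"jane doe"}  # hypothetical executive display names

def words(text):
    """Lower-case the text and split it into words, dropping punctuation."""
    return re.sub(r"[^a-z0-9 ]+", " ", text.lower()).split()

def phrase_score(phrase, body):
    """Best word-level similarity between phrase and any same-length body window."""
    p, w = words(phrase), words(body)
    starts = range(max(1, len(w) - len(p) + 1))
    return max(SequenceMatcher(None, p, w[i:i + len(p)]).ratio() for i in starts)

def triage(raw, threshold=0.7):
    """Return the warning signs found in one single-part plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    # Executive display name on an address outside the internal convention.
    if name.lower() in EXEC_NAMES and not INTERNAL_ADDR.match(addr.lower()):
        findings.append("sender-convention-mismatch")
    body = msg.get_payload()
    for i, phrase in enumerate(KNOWN_PHRASES):
        if phrase_score(phrase, body) >= threshold:
            findings.append(f"reused-phrase-{i}")
    return findings

# Constructed samples: the body is an excerpt of the lure quoted in the
# article; the headers and the benign message are made up.
PHISH = ('From: "Jane Doe" <share-notify@fileshare.example>\n'
         "Subject: Important message\n\n"
         "Dear colleague, I appreciate your constant help in improving our "
         "organization. CLICK HERE TO SEE THE UPDATE. Note: the message is of "
         "great import and all workers should view the link.\n")
BENIGN = ('From: "Jane Doe" <jane.doe@energyco.example>\n'
          "Subject: Schedule\n\n"
          "Please review the attached quarterly schedule before Friday.\n")

if __name__ == "__main__":
    print(triage(PHISH), triage(BENIGN))
```

The 0.7 threshold is an assumption; in practice it would be tuned against a sample of legitimate internal mail so that common corporate wording does not trigger it.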

Filed Under: Articles


Copyright © 2021