In the last 48 hours, a huge increase in very sophisticated phishing emails are being reported by several major industry partners in the US and Canada, including finance, business and higher education. What is making these these ‘Spear’ Phishing attempts so effective is that they contain very targeted and specific personal information in them, such as names and social security numbers, making them very convincing. It’s anybody’s guess where the personal information is coming from, but it’s a good bet that recent compromises at Equifax and others are leading to more and more of these sophisticated attacks.
Please have a look at the PDF Tip Sheet on spotting Spear Phishing attempts.
More information from one our partners, Beazley Breach Solutions, follows.
March 9, 2018
New Spear Phishing Attack Using Employee SSN As Bait
The Beazley Breach Response (BBR) Services team is currently working with many policyholders who have reported within the last 48 hours that their employees have received and clicked on a new, particularly effective spear phishing email. While the first incidents were reported by credit unions, we have now seen incidents occur across industries, including higher education and utilities.
Spear phishing is a form of phishing that is targeted at the recipient and appears to come from a trusted sender. This new attack is made to look like it comes from FedEx. The phishing emails included the targeted employee’s name and Social Security number. Noteworthy here is that these phishing emails “up the game” by actually including employee personal information in the email, which may be the reason the recipients were tricked into clicking on the email’s links.
The links in the email take the email recipient to a Google Docs page, which retrieves a unicode-encoded Visual Basic (VB) script from Google and uses that as a dropper to download and install malware. Essentially, this means that in these cases there is a reasonable probability of a malware infection that could potentially impact personally identifiable information (PII).
BBR Services is working closely with the affected organizations along with legal and forensic experts to investigate and mitigate any impact and also to find a common source of the compromised information.
If you receive a suspicious email, or anything you are unsure of, please contact firstname.lastname@example.org, and we’ll be glad to look into it for you.