For those working in receiving departments, it’s normal to see email messages regarding package deliveries. In fact, even if you order items off of the Internet to be sent to your home, you may be familiar with the messages letting you know your package is on the way. And if you work in accounting and financial departments at any company, it’s not unusual to see email messages with invoices attached.
The cyber criminals know this occurs often and spear-phishing that targets people working in these departments is incredibly common. According to Proofpoint, fake invoices are by far the most used lure for phishing. The company released a list of the top “lines” used in phishing scams.
1. “Please see your invoice attached” tops the list and accounts for nearly half of all the phishing campaigns that Proofpoint observed. Often a document is attached that executes various malware such as the banking Trojan Dridex or Locky, which is ransomware that will encrypt the information on your computer.
Avoid this by confirming with the sender of the document’s legitimacy first. Either call the sender on the phone or send a new email (as opposed to replying) asking for confirmation before opening the attachment. In addition, ensure regular backups of important information on your computer are completed. This way, if ransomware does strike, the data can be quickly restored and no ransom need be paid as happened to a company that manages hospitals in the Washington DC area as well as Hollywood Presbyterian Medical Center. Even a police department paid for an encryption key.
2. “Click here to open your scanned document” is second on the list and accounts for one in 10 phishing campaigns. While it is perhaps less common to scan documents these days, organizations such as financial institutions often still rely on them as well as the ever-aging fax.
The same rules apply here as for any other document. Don’t open them unless you are expecting them and/or are 100% certain they don’t contain malware.
3. “Your package has shipped – your shipping receipt is attached” comes third and often looks very similar to one you might receive from the various shippers. However, they also may appear to come directly from a vendor. Proofpoint found that these often include automated exploits or will install malware after an “enable content” button is clicked.
Obviously if you did not order from the listed vendor, just put it right in the trash. However, if you did or don’t remember, go into your online shopping or shipper account directly to see the details. No need to open the attachment at all. In addition, make sure your devices are always updated with the latest patches and that anti-malware is installed and kept up-to-date too.
4. “I want to place an order for the attached list” ranks at number four. These are not all that different form the invoice or order confirmation emails, but appeal to those who may benefit from a sale. Again, these rely on the recipient opening an attachment, which will unleash malware.
5. “Please verify this transaction” may appear to be from a financial institution hoping to lure the recipient into thinking a fraudulent transaction occurred.
Instead of opening any attachments or clicking links,go directly into the account associated and verify charges that way. If you accidently do execute some malware on your computer or device, report it to your IT department immediately. The sooner it is reported, the faster it can be corralled and the less damage it can do.
© Copyright 2016 Stickley on Security