Elements Of A Well Researched Phishing Email Attempt
Phishers for decades have honed their skills of persuasion, that is why the art of fooling people through an Internet-messaging method is a huge business by cybercriminals. There is money to be earned by collecting personally identifiable information, either sell them to 3rd parties or use it for extortion and blackmail, especially if the victims are people from influential quarters.
This does not mean no human can detect if an email is a fake one without using an email filtering solution, there are tell-tale signs that the message is a phishing attempt. The term used in this regard is spear phishing, where the target victim is not a random sample, but a deliberate attempt to trick a specific target and profit from their information eventually.
This is the subject matter of the latest report produced by Barracuda, a cybersecurity consulting firm, titled “Spear Phishing: Top Threats and Trends”. Also, known as “Personalized Phishing”, it is a product of careful research about the victims, their associates and their regular interactions with their acquaintances, business and personal. A level of research is designed in order to learn more about the victims, and then “recreate” the communication experience they are having with their routine contacts.
By recreating the experience, that means a fake message will be perceived as coming from their real contact. People trust who they know, and by mimicking those contacts – the phishing attempt will be more successful compared to a randomly sent phishing email.
Barracuda in their report identified spear phishing messages into three distinct categories:
1. Brand impersonation
Persuasion is not forced, as the victim recognize the brand where the message supposedly originated from. By having a “trusted name” in the fake email message, the victims assumes that it came from the legitimate source. The phishers use original-looking logos, names of contact and writing style which at first glance matches that of their real contact. With a relaxed attitude towards their “tried and tested” brand, the victims are more likely to provide information that should not be releasing in the first place.
2. Business email compromise
If phishers get a hold of the email address of an influential corporate personality, they can create specially crafted phishing email against the original owner’s contacts. Through impersonation, subordinates and the regular acquaintances of the person trusts the “message” from the account. The email’s FROM: line is not secure, anybody with enough time to research can send a message as if it came from whatever email address the attackers choose to show.
Extortion messages are fairly common even before the first email was sent in 1978. Intimidation, release of the victim’s “secret”, a controversial video, audio or multimedia content involving the victim are the usual instruments for blackmail. The latest kind, known as sextortion, where the victim is ordered to pay the extortionist in order to keep a private image from public view.
Barracuda also concluded that phishers have trained themselves to “time” their attacks, as 15 to 20% of all phishing emails are sent within a work week. With only 5% of overall phishing emails sent during the weekends. It is very clear that they are sending their emails during business days and banking days instead of during non-office days. The same trend also happens during the holiday season, they believe that people will be using their emails more during holiday periods for greetings, this is when they send fake emails connected with the holidays.
“Using carefully-designed templates that impersonate top brands, cybercriminals send an email claiming your account has been frozen and giving you a link to reset your password. Sometimes, these emails ask you to review your account or a document. If you click on the link provided, you’ll arrive at a phishing website; it looks legitimate, but it’s designed to harvest your login credentials,” explained Barracuda representative in the report.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.