Tech Tuesday: Phishing Emails By Hackers Cost Americans Over $675 Million Dollars & It’s Only Getting Worse
By: Kip Kirchberg, Cyber Security Specialist
In 2018 over a billion dollars were lost to email phishing campaigns worldwide. The FBI estimates that criminals made off with over $675 million from phishing campaigns that targeted US-based businesses. As you can imagine, with this type of payday, Hackers are working very hard every day to find new ways to trick employees into handing over their credentials or other sensitive information.
Email Phishing is a type of cyber-attack that uses email as the delivery vehicle to infiltrate a company’s network or computer system. The attacker’s primary goal is to get the recipient to believe that the message is something they want or need.
For instance, a Hacker could disguise an email so that it appears to come from an internal employee or resource. The Hacker would then use that email account to pose as an internal employee and communicate in a way that is convincing to the receiving party.
Example: a Hacker crafts an email that is very similar or identical to one a legitimate employee would typically send. Hackers are very careful to copy email signatures, names, and often email addresses so that the email looks and feels legitimate.
The Hacker then uses this email to phish the company’s HR personnel. In this example, the Hacker’s goal is to convince the HR person that the targeted employee needs their Direct Deposit information changed. If successful, the Hacker gets the targeted employee’s Payroll Direct Deposit redirected to an account the Hacker controls.
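As an added example (not code from the article), here is a small Python screener that checks an inbound message’s headers for the impersonation signs described above: a display name that matches a known employee but an address that does not, a sender domain that is a near-match of the company’s own, and a Reply-To that differs from From. The company domain, the employee directory and the two sample messages are constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the company's real domain and a tiny
# directory mapping employee display names to their real addresses.
COMPANY_DOMAIN = "example.com"
DIRECTORY = {"jane doe": "jane.doe@example.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen_message(raw):
    """Return the reasons an inbound message looks like sender impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []
    # Copied display name of a real employee, but sent from a different address.
    known = DIRECTORY.get(name.strip().lower())
    if known and addr.lower() != known:
        reasons.append("display name matches an employee but the address differs")
    # Lookalike domain: a couple of edits away from the real one (e.g. a 1 for an l).
    if domain and domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        reasons.append("lookalike sender domain: " + domain)
    # Replies silently routed to a third address the attacker controls.
    if reply_to and reply_to.lower() != addr.lower():
        reasons.append("Reply-To differs from From")
    return reasons

# Constructed sample messages: one impersonating "Jane Doe", one genuine.
SAMPLE_PHISH = (
    'From: "Jane Doe" <jane.doe@examp1e.com>\n'
    "Reply-To: payroll-desk@example.net\n"
    "Subject: Direct deposit change\n\n"
    "Please update my direct deposit before Friday.\n"
)
SAMPLE_LEGIT = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Timesheet\n\n"
    "Timesheet attached.\n"
)
```

Running `screen_message(SAMPLE_PHISH)` flags all three signs, while the genuine message returns an empty list; a real deployment would pair this with a direct-deposit change procedure that verifies the request out of band.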
Now you are probably thinking that banks can recover the funds or freeze the transaction. This is where things really start to get interesting. The accounts set up by these Hackers are typically pre-paid credit card accounts. In a successful transaction the Hacker gets an alert that the money has been loaded onto the credit card. As soon as the funds are available, the Hacker begins purchasing goods with the pre-paid card or transferring the funds through offshore accounts until the money can no longer be traced.
By the time the employee or organization realizes that they have been phished and that the targeted employee’s payroll has been redirected, it is often too late. Most of the time the Hackers have already spent the money or moved it so that it is no longer traceable.
Believe it or not, this is a common attack method. These types of phishing attacks are highly successful because they rely on social engineering. This attack hits us at our core because it targets our desire to help our employees and teammates.
Phishing is not limited to social engineering alone; it is also a tool for tricking users into visiting a website that downloads malware or opening a document that contains malware. Typically, these types of email attacks are disguised to look like a request from another employee. For example, the targeted employee could receive an email that appears to be from a known colleague and asks them to click a URL that leads to a familiar-looking site. That site prompts the user for their credentials and then redirects them to the real site. In this example the user has unknowingly handed their credentials to a Hacker.
The other method Hackers use is to craft an email whose attachment appears to contain information an employee would consider important, such as invoices, payroll information, sales numbers, or any other official-looking document. These types of attacks generally drop malware on a PC that allows a Hacker to run Command and Control operations.
In recent Cyber Security breaches, Command and Control malware has been used to encrypt user machines or servers in an effort to hold an organization hostage. The Hackers advise the organization that the only way to get their encrypted data back is to pay some type of fee. In most cases the only way to recover the key that unlocks the PC is to send bitcoin to an offshore account. The demand can range from a few thousand dollars to, in some rare cases, well into the millions.
I’ll talk more about ransomware in a future article to help you get an understanding of what the attackers are doing and some of the goals they are trying to accomplish with this type of attack.
Above all, it is a harsh reality that an organization cannot stop all malware or keep the bad guys from walking through unlocked doors. Most organizations are simply unaware of what to look for or how to defend their various systems from these types of cyber-attacks.
If you or your organization is interested in looking at some solutions to better defend against Cyber-attacks, please feel free to reach out for a consultation. I can help you develop a strategy to minimize your Cyber Security risk by utilizing tools that will help implement and enforce basic practices throughout your organization.
Contact us at: