Phishing emails sent in pairs to lend authenticity, says training company

Phishing emails are now being deployed in pairs to create the illusion of authenticity, says security awareness training company PhishMe

Phishing emails are now being deployed in pairs to create the illusion of authenticity, says security awareness training firm PhishMe.

Phishing emails try to trick the recipient into doing something risky by disguising malicious attachments or links in seemingly genuine content.

In this new type of phishing campaign, attackers first send a benign email: it carries no attachment or link, and it asks the recipient for nothing, neither information nor a reply.

It could be a friendly introduction such as, “Hello, we met at XX Conference last week, I have a report I’d like you to review, I will send it over shortly,” said Aaron Higbee, co-founder and CTO of PhishMe.

“An hour or so later, the report arrives, just as promised,” Higbee said.

The tactic is designed to improve the odds that even a fairly security-savvy employee opens the malicious attachment, which could launch an information-stealing Trojan: the harmless first message establishes the sender as expected, so the second arrives with a pretext already in place.
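The sequence described above also suggests a simple detection heuristic: a sender with no history to a recipient delivers a content-free message, then within a short window follows up with an attachment or link. The following is an added example, not PhishMe's code and not anything from the article; it assumes a simplified inbound mail log (sender, recipient, timestamp, attachment and link flags) and assumed thresholds, and the log entries are constructed, not real traffic.

```python
"""Flag 'double barrel' phishing pairs in a simplified inbound mail log.

Added example (not PhishMe's code). Assumptions: one record per inbound
message with sender, recipient, receipt time and attachment/link flags;
a 6-hour pairing window; an optional allowlist of known senders.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    received: datetime
    has_attachment: bool
    has_link: bool
    subject: str


# Constructed sample log for illustration only; not real traffic.
SAMPLE_LOG = [
    Message("alex@conf-followup.example", "jo@corp.example",
            datetime(2013, 2, 20, 9, 2), False, False,
            "Great meeting you at XX Conference"),
    Message("alex@conf-followup.example", "jo@corp.example",
            datetime(2013, 2, 20, 10, 15), True, False,
            "Report as promised"),
    Message("newsletter@vendor.example", "jo@corp.example",
            datetime(2013, 2, 20, 9, 30), False, True,
            "Weekly update"),
    Message("pat@partner.example", "jo@corp.example",
            datetime(2013, 2, 18, 11, 0), True, False,
            "Q1 figures"),
    Message("pat@partner.example", "jo@corp.example",
            datetime(2013, 2, 20, 11, 5), True, False,
            "Q1 figures v2"),
]


def find_double_barrel(log, window=timedelta(hours=6), known_senders=None):
    """Return (lure, payload) pairs found in `log`.

    A pair is flagged when a sender not on the allowlist, whose earliest
    message to a recipient carries neither attachment nor link, sends that
    same recipient a message with an attachment or link within `window`.
    Senders that lead with a payload are ordinary phishing, not this pattern.
    """
    known_senders = set(known_senders or ())
    # Group messages by (sender, recipient), oldest first.
    by_pair = {}
    for m in sorted(log, key=lambda msg: msg.received):
        by_pair.setdefault((m.sender, m.recipient), []).append(m)

    hits = []
    for (sender, _recipient), msgs in by_pair.items():
        if sender in known_senders:
            continue
        first = msgs[0]
        if first.has_attachment or first.has_link:
            continue  # first contact already carried a payload
        for later in msgs[1:]:
            if later.received - first.received > window:
                break  # sorted, so nothing later can be inside the window
            if later.has_attachment or later.has_link:
                hits.append((first, later))
                break
    return hits


if __name__ == "__main__":
    for lure, payload in find_double_barrel(SAMPLE_LOG):
        gap = payload.received - lure.received
        print(f"{lure.sender} -> {lure.recipient}: lure '{lure.subject}' "
              f"then '{payload.subject}' after {gap}")
```

In the constructed log only the conference follow-up is flagged: the newsletter leads with a link and the partner has prior history, so neither matches. The allowlist and window are the tuning knobs; a sender seen before in the organisation's mail history belongs on the allowlist, and the window should be set from the stagger delays actually observed.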


Similarly, attackers are now replying to questions from potential phishing victims, as shown by a recent report from US security company Mandiant.

On 18 February 2013, the company published a report that identified a secretive branch of China's military based in Shanghai as one of the world's "most prolific cyber espionage groups".

The report described a tactic used by the group of responding to queries from potential phishing victims to create the illusion that the phishing email was trustworthy.

To counter this type of attack, PhishMe has added a matching scenario to its product, aimed particularly at customers with mature training programmes.

“This is for a user base that is already resilient to basic phishing tactics,” said Higbee.

“Just as the ‘P’ in APT stands for persistent, organisations need to be persistent in training their user base, and the new ‘double barrel’ feature will allow our customers to enhance their already successful programmes in a meaningful way that addresses a real world problem,” he said.

Double barrel scenarios can be customised to send the lure after the malicious email, stagger the delay between emails and flag one or both emails as urgent.

Daily phishing emails

In January 2013, a poll of 1,000 office workers across the UK showed that nearly 60% of UK office workers receive phishing emails every day, and 6% receive more than 10 a day.

Other research has shown that spear-phishing attacks, which target specific people at enterprises with the aim of gaining a foothold in the corporate network, are at the core of most targeted attacks.

In an analysis of targeted attack data collected between February and September 2012, Trend Micro found 91% of targeted attacks involved spear phishing.
