As firewalls and spam filters become more sophisticated, so do the cyberattacks by hackers. Gone are the days of scam emails from Nigerian princes, full of grammatical errors. Today, many of the most sophisticated scams come from seemingly legitimate sources, like co-workers, clients, or even vendors. The goals of these malicious emails vary from ransomware to phishing to reply-chain attacks. While ransomware remains a threat, phishing attacks are still the most common and costly type of cyberattack. We have also seen a rise in reply-chain attacks, which are harder to detect because they come from a compromised email account. We aim to help end-users and businesses identify these threats to avoid falling victim to them.
Where Do Scam Emails Come From?
Spoofing is when a hacker creates an email account to impersonate a reputable business or known contact. When impersonating a business, the display name of the sender might say Microsoft Support or Verizon Support.
Do not be fooled by display names. Always look at the email address beside the display name to confirm it looks legitimate. For example, the display name below says Microsoft Support, but notice that the actual email domain is Gmail. Microsoft and all other professional businesses will send emails from their legitimate domain. They will not reach out to you from Gmail, Yahoo, or any other free email service.
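The display-name check described above can also be automated on the receiving side. The following is an added example, not part of the original article: it compares the brand claimed in a From: display name with the actual sender domain. The brand list, the free-mail list, and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed lists for illustration only; maintain your own in practice.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRAND_DOMAINS = {  # brand keyword in display name -> domains it may send from
    "microsoft": {"microsoft.com"},
    "verizon": {"verizon.com"},
}


def check_from_header(from_header):
    """Return a list of findings for one From: header value."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ["unparseable sender address"]
    domain = address.rpartition("@")[2].lower()
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if brand not in display_name.lower():
            continue
        # Accept the brand's domain and its subdomains, nothing else.
        if any(domain == d or domain.endswith("." + d) for d in legit):
            continue
        kind = "free email service" if domain in FREE_MAIL else "unrelated domain"
        findings.append(f"display name claims {brand}, sender is {kind} {domain}")
    return findings


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '"Microsoft Support" <account-team@gmail.com>',
    "Microsoft Support <no-reply@email.microsoft.com>",
    "Verizon Support <billing@verizon-support.example>",
    "Jane Doe <jane@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        result = check_from_header(header)
        print(header, "->", result or "no display-name mismatch")
```

A header that passes this check can still come from a compromised account, so it complements, rather than replaces, confirming unusual requests directly with the sender.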
Scams from a compromised account are harder to detect as they typically come from a trusted contact. The hacker has gained email credentials, and they use the account to send spam to the user’s contacts. If someone you know has sent you a suspicious email requesting credentials or a transfer of funds, contact them directly.
Picking up the phone and calling someone is the most surefire way to confirm the authenticity of an email. Replying to a suspicious email is often ineffective, because compromised contacts will never see your reply emails.
The Goals of Scam Emails
Often a hacker will attempt to collect personal data, such as a Social Security Number, license number, banking information, and other private information that they cannot find publicly.
Phishing emails typically look like legitimate emails from popular services like Microsoft, Google, Facebook, PayPal, etc. They will often claim there is an issue with your account and that you need to log in. The hyperlinks in the email will redirect you to a page that looks virtually identical to the real site. An end-user will enter their credentials and unknowingly give their password to a hacker.
Below is a spoofed email impersonating Microsoft Support. If you hover the mouse over the hyperlink, you can see where it links to. If the link looks suspicious, do not click it.
If an end-user's credentials are acquired by a hacker, this could lead to a reply-chain attack. The hacker uses the compromised account to monitor conversation threads between users. The technique is particularly nefarious because the hacker inserts their malicious email into an active email thread. Since the hacker has been monitoring the thread, they can tailor their scam to fit the context of the ongoing conversation. If your account has been compromised, the hacker can monitor your email threads and see if a client owes you money. The hacker can then use an active email thread to request payment from the client.
Scam emails are effective cyberattacks because they target the weakest link in the cybersecurity chain, the end-user. If you are interested in learning more about how you can protect your company from a cyberattack, the IT professionals at TCI Technologies are ready to help. Contact us today.