In March Kyocera’s cybersecurity team assisted a customer targeted with yet another well organised phishing attack.
We’ve all heard about phishing attempts where an employee receives an email purportedly from the CEO, asking for the transfer of a large sum of money to an unknown account. This straightforward yet suspicious approach usually raises alarm bells and tends to be unsuccessful.
However, in this instance a transfer was seemingly being requested by a senior member of the business. It had an elaborate email chain attached to it between multiple parties within the customer estate. This went into considerable detail about an existing supplier, which had recently featured in the press regarding a takeover. As a result, according to this email, the supplier had new payment requirements. This forms a coherent and quite plausible narrative.
Fortunately, the customer was suspicious and called our cybersecurity professionals in to investigate. The team forensically went through the logs and spotted the slightest error in email address (an “e” missing) and found the email chain had been intercepted by a compromised third party hence making the chain more plausible. The team confirmed that this was a sophisticated phishing attempt, checked that there were no breaches in the customer’s IT estate and ensured no fraudulent financial transactions had occurred. The team took protective actions by scrapping the email chain from the systems to prevent further issue and blocking the suspect domains and IP addresses.
This incident demonstrates the amount of research and personalisation criminals put into making phishing work, to try and fool even the most alert employees into believing something is authentic. It’s surprisingly easy for criminals to craft these “social engineering” narratives, as information like your suppliers, employee names and contact details, and mergers and acquisitions can all be found on your website, through social media and elsewhere on the internet.
Employee training is key to preventing these phishing attempts from being successful. As a managed cybersecurity provider, we provide learning and simulation services to train staff to be on the lookout for even the most sophisticated social engineering attempts, as well as providing the investigation of suspicious activities and defence against active threats.
