IT Spring Cleaning

As we wrap up the first quarter of 2023, below are some lessons on what is happening in the world, what to keep your eyes on and what to do if you come across malicious activity.

Business Email Compromise

Business Email Compromise is a type of scam targeting companies that conduct wire transfers and have suppliers abroad. Email accounts of executives or employees involved with wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks to make fraudulent transfers, resulting in hundreds of thousands of dollars in losses.

Once hackers have access to anyone communicating in an email chain that relates to some type of financial transaction, they impersonate authorized employees to request wire transfers. Fraudsters also carefully research and closely monitor their potential victims and their organizations using social media and company websites.

Some of the sample email messages have subjects containing words such as request, payment, transfer, and urgent, among others.

Below are examples of these types of emails:

  1. CEO Fraud – Attackers pose as the company CEO or any executive and send an email to employees in finance, requesting them to transfer money to the account they control.
  2. Account Compromise – An executive or employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.
  3. Attorney Impersonation – Attackers pretend to be a lawyer or someone from the law firm supposedly in charge of crucial and confidential matters. Normally, such bogus requests are made through email or phone, at the end of the business day.
  4. Data Theft – Employees in HR and bookkeeping are targeted to obtain personally identifiable information (PII) or tax statements of employees and executives. Such data can be used for future attacks.

Because these scams do not have any malicious links or attachments, they can evade traditional solutions. Employee training and awareness can help enterprises spot this type of scam.

The most important thing for companies to implement, whenever anyone asks for a significant transaction, whether money or personal data, is a stopgap that requires employees to validate the request face to face or via a phone call.
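The two signals described above (an executive's name on an outside address, and the subject words the article lists) can be used to decide which messages go to phone verification. The following is an added example, not code from this article or any product; the company domain, executive names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"         # assumption: your own mail domain
EXECUTIVES = {"jane doe", "sam lee"}   # assumption: names worth impersonating
# Subject words the article lists as common in BEC messages.
SUBJECT_WORDS = {"request", "payment", "transfer", "urgent"}

def bec_indicators(raw_message):
    """Return the reasons a message should be verified by phone or in person."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    reasons = []
    # CEO fraud: the display name is an executive's, the address is not ours.
    name = " ".join(display_name.lower().split())
    if name in EXECUTIVES and domain != COMPANY_DOMAIN:
        reasons.append(f"executive name from external domain {domain}")
    # Account compromise arrives from a genuine mailbox, so headers look clean;
    # only the nature of the request can trigger the call-back.
    words = set(re.findall(r"[a-z]+", msg.get("Subject", "").lower()))
    matched = sorted(SUBJECT_WORDS & words)
    if matched:
        reasons.append("subject keywords: " + ", ".join(matched))
    return reasons

# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "spoofed_ceo": 'From: "Jane Doe" <jane.doe@examp1e-mail.test>\n'
                   "Subject: Urgent wire transfer request\n\nPlease send today.\n",
    "internal_invoice": 'From: "Sam Lee" <sam.lee@example.com>\n'
                        "Subject: Payment for invoice 4471\n\nDetails attached.\n",
    "routine": 'From: "Jane Doe" <jane.doe@example.com>\n'
               "Subject: Lunch on Friday\n\nSee you at noon.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        reasons = bec_indicators(raw)
        print(label, "->", "; ".join(reasons) if reasons else "no indicators")
```

The internal invoice message is flagged on its subject alone, which is the account-compromise case: nothing in the headers is wrong, so the call-back is the control that catches it.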

Email Phishing

Email phishing continues to be the leading method used to infiltrate business data and resources.

The top phishing email topics in 2022 were related to Financial/Mortgage, Cryptocurrency, Healthcare and Pandemic.

Attackers are sending precise and targeted messages. The number of finance- and mortgage-related phishing emails sent in 2022 saw a corresponding increase. These emails spiked in February, as falling economic indicators in many countries stoked recession fears and homebuyers found themselves caught between increased interest rates, a record low in housing supply and still-rising home prices.

In December, there was a similar spike in health-related emails, coinciding with the open enrollment periods of many insurance programs and headlines warning of a flu, RSV and COVID-19 “tripledemic.”

In contrast, while there was an uptick in cryptocurrency-related emails in April, around when Bitcoin began to fall, cryptocurrencies were a hot topic all year, corresponding with a fairly steady and sustained rate of crypto-related phishing.

As we wrap up the first quarter of 2023, email phishing topics will continue to follow current events. Expect to see more emails related to general economic conditions, the events in Ukraine and Russia, and, as always, anything where money and personal information are being transacted.

Malicious PDF/Office Files

Malicious PDFs are PDFs that users receive containing malicious code that can cause damage to the computer as well as the overall network.

Often, these PDFs show up as attachments in email and, instead of opening in Adobe Reader or Acrobat, they are links to web servers where malicious code is downloaded and executed.

In 2022, SonicWall logged 119,549 new PDF-based attacks.

Weaponized Microsoft Office files were the preferred means of attack in 2018, 2019 and 2020.

But in 2021, the trend began to shift in favor of PDFs — and in 2022, the number of malicious PDFs was double the number of malicious Office files.

But while malicious PDFs and Office files are among the most dangerous malicious filetypes, due to their ability to blend in with legitimate and expected attachments in a work environment, they aren’t the most common. For the second year in a row, that dubious distinction belonged to .exe files.

For clients using Office 365 and the newer XDR/EDR antivirus technologies, GO Technology group has implemented a strong precedent for PDF attachments in email.

Any email that contains an attachment that masks itself as a link to a website is automatically quarantined and blocked. This helps limit users from receiving an email that looks like a PDF and unknowingly opening malicious code that can cause damage to the computer and overall network.

What’s the best way to help mitigate these events from occurring?

  1. Slow down – Most, if not all, of these scams rely on our reptile brains to react immediately without thinking. By slowing down, you can limit your risk of becoming a victim.
  2. Be skeptical – Never share personal information such as email addresses, passwords, your name and address, or other information that may help scammers steal your identity.
  3. Contact IT – If something doesn’t feel right, you’re probably right. Forward messages to your IT department, as they have tools that can confirm the validity of the emails you are receiving.
  4. Implement MFA – Adding 2-factor authentication on as many of your accounts as you can will help limit your exposure to being hacked.

What do you do if you think you’ve been exploited?

  1. Contact IT – The IT team can help quickly assess how far a hacker has gotten in the exploit. They will be able to provide guidance around what accounts have been exploited and how to hopefully stop the attack from progressing.
  2. Contact your manager – Let management know that there has been an incident and they will help provide the necessary guidance to mitigate any risks to your company.

Unfortunately, cybercriminals continue to exploit people in a variety of ways. The good news is that, through education, you will begin to recognize these attacks quickly and limit your risk of becoming a victim.

Additionally, by using IT resources that are part of your organization, you have a team behind you that can help decipher what’s real and what’s a scam. By using these tools, your organization can work together to minimize the threat and help keep business rolling along.