I recently finished reading Mandiant‘s fantastic APT1 Report. One of the gems is on page 29, which details some of the tactics used by phishing attacks carried out by APT1, (speculated to be the elite cyber-attack wing of the Chinese military). (more…)
Archive for the ‘Phishing’ Category
We recently handled an incident response case where our client was infected by malware which was delivered by email. The client plead ignorance, and asked “how can we tell what is real and what is a virus?” Here’s a quick tip to do just that!
For starters, several email clients and web browsers will show you the address of a link before you click on it… provided you take a few seconds and look before clicking! Most people just click away without giving a second thought, which is like running out across the street and then, if ever, looking to see if there is any oncoming traffic, so try to resist that urge and put safety first.
Here’s a sample “LinkedIn” notification I just received.
Every now and then we get a call from a client, telling us that they are receiving messages stating that their emails are being rejected, or “bouncing.” The catch? They never sent the email in the first place. So what’s going on?
Although we don’t see as much of this as we did several years back, what’s often happening is that someone else, with whom the client has corresponded, has a virus-infected computer, and that machine is sending out junk email (or viruses), purporting to be our client.
Forging an email, purporting to be someone whom you are not, is trivial, and unless you and/or your email provider have taken steps to secure your systems and your domain, anyone with a little know-how can easily send email as anyone, including you.
In the following graphic, we see an example, where Joe@example.com corresponds with Sally@example.net. An Evil Badguy manages to insert a virus onto Sally’s computer, and it starts to send out spam and viruses. But, this virus is smart! It doesn’t send the emails as Sally – it sends them emails as some random recipient in Sally’s address book, in this case, Joe. When Bob receives “Joe’s” email, he emails Joe to complain, but Joe has no idea what’s going on. He’s even scanned his computer for viruses and found no sign. In an effort to prevent this, Joe could set up an SPF record on his domain, example.com, so that only authorized computers could send emails claiming to be example.com, which could help cut down this sort of behavior.
If you think you are the victim of such a charade, contact us to see how Paradigm can help shield your domain from these attacks.