Published: June 16, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
Although it may sound strange, bad actors are exploiting what we see – or what we think we see. Always looking for new ways to gain our confidence, cybercriminals are counting on us being human to make this con work. Trust, fear, and concern are some of the emotions being exploited, which is nothing new for hackers. But what is new is taking advantage of our assumption that when we see a trusted website, it’s worthy of our trust…Well, maybe not so much anymore.
New research from Cofense discovered a phishing campaign targeting employees with threats of deleting particular emails from their employer, if they don’t respond as directed and sign into their company account. The identity of the sender appears to be legitimately from their company’s tech support team. Strike one.
Targeted employees are concerned the emails in question may be important to their job, so they dutifully follow the hacker’s instructions to click on the link called “Review Messages Now” where they can resolve the issue. This tactic goes directly to fear and concern that something is wrong with their account and needs to be fixed. After all, what could be nefarious about that? Strike two.
Once on the website, employees are instructed to enter their login credentials as usual to access their account. The website looks exactly like what they expect to see, so trust and ease entering their credentials is the automatic response. Strike three.
The website link is malicious, and the specific login area of the page is faked using an exact overlay or “spoof” as it appears on the real company website. The overlay steals employee login information which is then sent to the threat actor. That information gives the criminal access to the victim’s company account and can be used for any number of attacks, including those that are socially engineered using the stolen identity.
There is a security response available to combat those attacks that trick us into believing what we see is what we get. It’s called domain assurance, services that any enterprise can benefit from. Domain assurance services do exactly what the name states; assuring a business domain is authentic. This service purchases any and all domain names that could possibly be used to spoof a company with “lookalike” domain. These spoofed names are remarkably close to the real domain name, and very few know to check if the name is infused with clever typo’s and lookalike characters that look legitimate, only they’re not.
After all, bad actors know employees are only human, and the truth is, staff are often the first line of defense against hacking exploits, including those that compromise credentials. Companies using domain assurance removes the element of trickery, and assures employees are in fact on the legitimate company website. This assurance allows peace of mind when employees and customers alike enter sensitive data, ensuring that what they see is truly what they get.