There are clues to watch for in order to protect your business indicating an email attack is in progress. In these forged email attacks, an email arrives addressed to an internal employee, in an attempt to initiate a back-and-forth conversation via email. This is a classic attack known as “social engineering”, where the attacker’s goal is to get the internal employee to disclose information, usually financial in nature.
The attackers have specifically targeted internal employees, addressing them by name and impersonating an officer or owner of the company. The attackers buy an internet domain which is very close to the target’s domain (e.g. they buy “biqdealwholesalers.com” in order to attack “bigdealwholesalers.com” – note the ‘q’ instead of ‘g’ in the word ‘big’ being the only difference). Next, they send an email with a reply address of an actual user at your company (e.g. owner’s email address of “email@example.com”) and ask a brief, leading question in the email, such as, “Are you at your desk?” The attackers hope to initiate a conversation via email, eventually culminating in a request for wire transfer information, typically.
The only viable preventative measure against this attack is employee training. The training must prepare your staff to recognize, suspect, question, and alert others when they are targeted by these attacks.
If you would like assistance in delivering cybersecurity preparedness training to your employees, contact Michael Senkbeil at firstname.lastname@example.org or 262-522-8248.
Written by Michael Senkbeil, MCSE, GCFA, CISSP, CISA | Partner
Posted in Technology Consulting