    Getting Phish'd

    • MattSpeller

      This is an email to our CFO from our "CEO". Nearly got them a payday, all the names are correct. See if you can spot what our CFO did just in time.

      Stay alert out there folks!

      [image: screenshot of the email]

      • Dashrender

        Who's Lynette Leonard?

        • MattSpeller @Dashrender

          @Dashrender No clue, but unrelated to how he spotted it

          • Dashrender

            Was it $ instead of the BRP sign?

            • JaredBusch

              That or the professional services bit.

              • MattSpeller @Dashrender

                @Dashrender Closer. Hint: I work for a Canadian company

                • JaredBusch

                  co vs ca then?

                  • MattSpeller @JaredBusch

                    @JaredBusch said:

                    co vs ca then?

                    and a winner!

                    • Dashrender @MattSpeller

                      @MattSpeller said:

                      @Dashrender Closer. Hint: I work for a Canadian company

                      Yeah, figured I was wrong on the currency since the email was CO not UK.

                      What is the symbol for Canadian currency?

                      Nevermind

                      • MattSpeller @Dashrender

                        @Dashrender nah still dollar sign but you were on the right path with nationality

                        • MattSpeller

                          This phishing was so good I honestly asked my manager if we were being audited.

                          • Dashrender

                            I wonder if filters are missing a possibly obvious point where they could be providing protection: email address % matching.

                            If the spam filter could have at least flagged this, if not flat out blocked it, because a name is 95% the same, these types of spam would be blocked.

                            Of course I wouldn't want the level to be set at something like 95%; more like 70% would probably be enough to protect us 95% of the time with few false positives. Of course, if you're a company like NTG this could be a problem... smiller@ntg.com vs smiller@cox.net is 47% different, well below the 70% matching... so I don't know.

                            Additionally, blocking email from our domain that originates from outside our domain is something else we should be blocking.

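An added example, not part of the thread or any poster's code: one way to sketch the two checks proposed in the post above (percentage matching against your own domain, and rejecting your own domain when it arrives from outside). It compares only the domain part, so a shared mailbox name such as smiller@ does not inflate the score. The domain `example.ca`, the executive name, the verdict labels and the `arrived_externally` flag (assumed to be supplied by the mail gateway) are all assumptions for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed values for illustration only; none of these come from the thread.
OWN_DOMAINS = {"example.ca"}
EXECUTIVES = {"jane doe"}   # display names an impostor is likely to borrow
THRESHOLD = 0.70            # the 70% figure floated in the post


def domain_similarity(a: str, b: str) -> float:
    """Similarity ratio in [0, 1] between two domain names."""
    return SequenceMatcher(None, a, b, autojunk=False).ratio()


def classify_sender(from_header: str, arrived_externally: bool,
                    own_domains=OWN_DOMAINS, threshold=THRESHOLD) -> str:
    """Classify a From: header value into one of a few verdict labels.

    arrived_externally is assumed to come from the mail gateway
    (True when the message was received from the internet).
    """
    display, addr = parseaddr(from_header)
    _, at, domain = addr.lower().rpartition("@")
    if not at or not domain:
        return "unparseable"
    if domain in own_domains:
        # Our own domain in From: but delivered from outside: spoofed sender.
        return "spoofed-own-domain" if arrived_externally else "internal"
    # Near-miss domains (.co vs .ca, .co vs .com) score high without matching.
    if max(domain_similarity(domain, d) for d in own_domains) >= threshold:
        return "lookalike-domain"
    # Correct executive name on an unrelated outside address.
    if display.strip().lower() in EXECUTIVES:
        return "executive-name-external"
    return "external"


# Constructed sample headers (not taken from the thread).
SAMPLES = [
    ('"Jane Doe" <jane.doe@example.co>', True),
    ('"Jane Doe" <jane.doe@example.ca>', True),
    ('"Jane Doe" <jane.doe@example.ca>', False),
    ('"Jane Doe" <jdoe1987@mailbox.test>', True),
    ('"S Miller" <smiller@cox.net>', True),
]

if __name__ == "__main__":
    for header, external in SAMPLES:
        print(f"{classify_sender(header, external):24} {header}")
```

A verdict other than "internal" or "external" is a reason to tag or quarantine the message for review rather than proof of fraud; the threshold needs tuning against your own mail flow.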
                            • nadnerB

                              That's nuts! So impressively close.
                              On the subject, have a read of Stu's post about a spear-phishing campaign deploying CryptoLocker via Dropbox: http://community.spiceworks.com/topic/868260-alert-new-ransomware-spearphish-uses-one-click-dropbox-attack?page=1

                              • david.wiese

                                We had this a few weeks ago. The account on the PDF was a fully legit and active account out of a Chase bank in Skokie, IL. We contacted both the Chase bank and ours as well as the local FBI field office since this would be considered interstate wire fraud. I still haven't heard anything from the FBI on this.

                                • tonyshowoff

                                  We get tons of different attacks via our various email addresses for billing. We get more emails from fake PayPal password recovery, updating account info, etc. than we get from actual PayPal.

                                  • david.wiese @tonyshowoff

                                    @tonyshowoff But these are different than those other phishing scams that you can tell are completely fake. These are detailed down to the very person who signs off on the wire transfers. The one we had here knew the name of our president, CEO, CFO, VP of finance and controller and had crafted the emails to look like it was being sent from the CFO to the controller (who signs off on the wire transfers). The email address that was being used was once again .co and not .com. They hid the email header information so these guys are really good. Using a real bank account that was detailed enough to get the name on the account, account number, routing number (which I know is easy to find). Whoever is doing this does their homework.

                                    • scottalanmiller

                                      It's called spear-phishing.

                                      • tonyshowoff @david.wiese

                                        @david.wiese We get ones that are addressed to our two accountants though is what I was referencing, not just the obvious ones, their names too. Which is unusual because these email addresses are not public and do not contain their names. It made me wonder if PayPal got hacked or what a while ago.

                                        • Dashrender @tonyshowoff

                                          @tonyshowoff said:

                                          @david.wiese We get ones that are addressed to our two accountants though is what I was referencing, not just the obvious ones, their names too. Which is unusual because these email addresses are not public and do not contain their names. It made me wonder if PayPal got hacked or what a while ago.

                                          This is precisely what makes it spear-phishing. The would-be thieves do their homework and everything they can to make the communication look as real as possible so someone just does what it says.

                                          If they spend 20 hours on one email and get you to send hundreds of thousands of dollars, that's a pretty great payday!

                                          • tonyshowoff @Dashrender

                                            @Dashrender I'm just saying we have a similar problem and it's really bizarre, and we go through a lot to keep much of our company operations hidden, not because we're the mob or anything, but because adult entertainment gets a lot of BS.
