Forget the spam filter: How unique phishing attempts undermine Microsoft email security

Be aware that when phone vendors release new versions, they increase the communication to your user base. It’s critical to make sure users are aware of the process required to move two-factor applications to a new device with clear, actionable information easily located on your website.

Business action-item phishing

Another, perhaps more insidious style of phishing attacks is the business action item email. These are written as if there are outstanding action items or new business to be done between the user and the bad actor doing the emailing. For example, in the accounting profession, attackers will email to ask the accountants if they are taking on new clientele and request that they accept copies of prior tax returns and tax documents for review. Instead of a link with the tax documents, the attackers send malicious files meant to obtain access to the computer in question in order to gain deeper access to the system.

Again, ensuring that end users know the exact protocol around interacting with potentially new clients and how the firm normally receives new business is the first line of defense against such attacks. For most consulting-style firms, clients are obtained through referrals or connections to another client – that means they are expecting exactly the type of email attackers have learned to spoof. While this process may not be foolproof, it will at least ensure that users are less likely to reach out to these impersonators trying to gain access to our networks.

Password-reset phishing

Next up are malicious emails that try to trick users into completing unnecessary password resets on your email systems in a bid to obtain credentials allowing access to your network. Users should be informed of the exact portal and process needed to reset passwords and other self-serve processes. An internal company IT communication portal can be useful in ensuring that end users know exactly the procedure to follow.

Fake Dropbox and Docusign links are the basis for vendor-specific scams that use stolen graphics from the companies to gain the appearance of authenticity. Creating messages that look very convincingly like they are from vendors we interact with on a daily basis, these emails are yet another attempt to obtain credentials to our networks.

Consider adding two-factor authentication to any site that has a goal of interacting with external clients. Alternatively, consider the policy of only sending and receiving information from sites that are under the control of your firm and not accepting any links from external locations.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button