Phishing emails never sleep
Posted: Mon Jan 20, 2025 7:14 am
"In the event of a successful attack, the attackers could gain remote access to the organizations' computers, download files and confidential documents from them. In some cases, the attackers wrote on behalf of the contractors of the attacked organizations in response to an existing chain of letters. They may have used hacked mailboxes of these contractors or previously stolen correspondence. Letters that continue old correspondence inspire more trust in potential victims," Kaspersky Lab said in a statement.
Pavel Pokrovsky, Director of Service Management at AT Group LLC, believes that the organization of targeted mailings does not require a high level of competence from the attacker: "It is enough to understand the general structure of the company, the staffing structure, and to know some key people, which is quite easy to find through open sources."
Head of the Information Security Service of JSC Infowatch Roman Alabin told a ComNews correspondent that phishing mailings are a constant background threat for Russian businesses: "One of the typical signs of a phishing letter is an attempt to prompt the user to do something urgently: transfer documents, make a payment, change details, provide data, follow a link and log in using a corporate account on third-party resources, and other similar requests. The sender may introduce himself as the head of the company, an employee of law enforcement agencies, an inspector from supervisory authorities, and attach fake official letters. The emphasis is on the urgency of the request and the possible problems if it is not fulfilled, so as not to give the person time to analyze the situation."
Pavel Pokrovsky noted that mailing is one of the most popular hacking methods, as it allows for a wide range of recipients: "This way, it is more likely that one of the recipients will react to this mailing. In this case, we are talking about the fact that the attackers acted on behalf of trusted counterparties and used existing correspondence for this. In this case, it is almost impossible, without specialized knowledge and skills, to distinguish an attacker from a non-attacker. Here, you can only pay attention to the change in the style of correspondence, for example, an increased number of spelling errors, the use of specific spelling, the absence of capital letters in sentences or the absence of punctuation marks. In addition, if this correspondence has not previously assumed any exchange of attachment files, attachments may suddenly appear, which may also indicate that in this case, communication is taking place on behalf of an attacker."
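The signs listed in the quotes above (pressure to act urgently, a change in writing style, and attachments appearing in a thread that never carried any) can be checked mechanically as a triage aid for replies in an existing correspondence. The following Python is an added example, not part of the original post; the keyword list, the 0.5 threshold, the function names and the sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Assumed keyword list; tune to your own mail flow.
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|right away|deadline)\b", re.I)

def make_msg(text, attachment=None):
    """Build a constructed sample message (not real mail)."""
    m = EmailMessage()
    m.set_content(text)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

def body(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part else ""

def style(text):
    """Share of lines that start with a capital / end with punctuation."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        return 1.0, 1.0
    caps = sum(l[0].isupper() for l in lines) / len(lines)
    punct = sum(l[-1] in ".!?,:;" for l in lines) / len(lines)
    return caps, punct

def review_reply(history, reply, drop=0.5):
    """Flag a reply against the earlier messages of the same thread."""
    flags, text = [], body(reply)
    if URGENCY.search(text):
        flags.append("urgency")
    had_files = any(list(m.iter_attachments()) for m in history)
    if list(reply.iter_attachments()) and not had_files:
        flags.append("first_attachment_in_thread")
    base = [style(body(m)) for m in history]
    if base:  # compare against the thread's average style
        base_caps = sum(c for c, _ in base) / len(base)
        base_punct = sum(p for _, p in base) / len(base)
        caps, punct = style(text)
        if base_caps - caps >= drop or base_punct - punct >= drop:
            flags.append("style_shift")
    return flags

# Constructed thread: two earlier messages, then two candidate replies.
HISTORY = [make_msg("Hello Anna,\nPlease find the schedule below.\nRegards, Ivan"),
           make_msg("Thanks Ivan.\nWe confirm the dates.")]
SUSPECT = make_msg("hi\nopen the attached file urgently\nneed it signed", "act.zip")
CLEAN = make_msg("Hello Anna,\nThe dates still work for us.\nRegards, Ivan")
```

The flags are prompts for a human to verify the request through a separate channel, not a verdict; a reply sent from a compromised contractor mailbox can pass all three checks.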