Gabi Power, 31 August 2022 09:29:00 AEST

Spear Phishing Attack Tries New Technique to Avoid Email Filters

Recently, the MailGuard team intercepted a targeted spear phishing attack on a business, with the attack employing a novel technique designed to fool email filters and spam scanners. It’s an important reminder that scammers are changing and testing their tactics every day, so it’s imperative you stay vigilant.  

This email claims that the recipient’s ‘Mailbox has now exceeded the limit’, and warns that ‘Emails sent to you will not be delivered.’ It looks like an automated message from the company’s Support Department, and carries the targeted company’s logo and name in the body of the email; however, it has actually been sent from a compromised email system.

The content is tailored to the targeted recipient, with hyperlinks featuring the employee’s email address embedded in the email. It warns the recipient that their mailbox has exceeded its limit and needs to be cleaned up, which can be done by logging into their webmail via a portal. The links actually lead to a phishing page with a fake login portal where their account credentials will be stolen.  

Here’s what the email looks like:  

[Image: the phishing email]

What’s unusual about this attack is that the HTML portion of the email has been obfuscated with tags that contain random text in an attempt to hide its intent, tricking spam filters into marking it as safe. The HTML elements used are <ins> tags, which mail clients will normally render. However, in this case the scammers have craftily applied a CSS override which prevents anything within the <ins> tags from being shown.  


This means that a content scanner that looks for keywords through a heuristic or ML-based system might miss the intent of the email because of the non-readable, hidden text. It’s an uncommon tactic, and while it wasn’t successful in getting past the MailGuard network, it’s likely to evade other mail-exchange filters.
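A filter can counter this by scanning only the text a mail client would actually display. The sketch below is an added example, not MailGuard's code: it separates visible text from text hidden by CSS before any keyword check runs. The set of hiding declarations and the sample message are assumptions, since the article does not show which CSS override was used.

```python
import re
from html.parser import HTMLParser

# Declarations that hide content. Assumed set: the article does not say which was used.
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
RULE = re.compile(r"([^{}]+)\{([^}]*)\}")  # "selector { body }"
VOID = {"br", "img", "hr", "meta", "link", "input", "wbr"}

def hidden_tag_rules(html):
    """Tag names hidden by a <style> rule; only plain tag selectors are handled."""
    tags = set()
    for css in re.findall(r"<style[^>]*>(.*?)</style>", html, re.S | re.I):
        for selectors, body in RULE.findall(css):
            if HIDING.search(body):
                tags.update(s.strip().lower() for s in selectors.split(","))
    return tags

class TextSplitter(HTMLParser):
    def __init__(self, hidden_tags):
        super().__init__()
        self.hidden_tags, self.stack = hidden_tags, []
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            inline = dict(attrs).get("style") or ""
            self.stack.append((tag, tag in self.hidden_tags or bool(HIDING.search(inline))))

    def handle_endtag(self, tag):
        opened = [t for t, _ in self.stack]
        if tag in opened:  # pop back to the matching open tag
            del self.stack[len(opened) - 1 - opened[::-1].index(tag):]

    def handle_data(self, data):
        if self.stack and self.stack[-1][0] in ("style", "script"):
            return  # CSS and JavaScript are not message text
        (self.hidden if any(h for _, h in self.stack) else self.visible).append(data)

def split_text(html):
    # Returns (text the reader sees, text hidden by CSS).
    p = TextSplitter(hidden_tag_rules(html))
    p.feed(html)
    p.close()
    return " ".join("".join(p.visible).split()), " ".join(" ".join(p.hidden).split())

SAMPLE = """<html><head><style>ins { display: none; }</style></head><body>
<p>Your Mail<ins>qzv lorem</ins>box has now exc<ins>tkw</ins>eeded the limit.</p>
<p>Emails sent to you will <ins>river table</ins>not be delivered.</p>
</body></html>"""  # constructed sample, not the intercepted email
```

Run keyword or ML scoring on the first value returned by `split_text`; a message whose second value is non-empty carries hidden filler, which is itself a signal worth scoring.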

As this is a targeted spear phishing attack, the attackers’ aim is to gain access to the employee’s business email. A breach may enable them to monitor and steal sensitive information, to access other systems, or to use the account to send malicious content to the victim’s contact list.

Generic phishing attacks are sent to the masses and typically impersonate known and trusted brands in an effort to con more victims. In spear phishing, where an individual or business is specifically targeted, more care is often taken to personalise the email, which increases the success rate.

Although it’s unclear why this business and individual were specifically targeted, it goes to show that if you’re on the radar of cybercriminals, they can go to great lengths to trick your employees.

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  
