Phishing a Security Pro?

Categories: Attacks, Lessons

For a long time I have been advising clients, friends and the business community on how to avoid falling for phishing attacks. Even the banks have got in on the act now with some rather good TV ads. Nevertheless, phishing attacks work, especially when done well. Last week I received this:

The Baited Hook

Early AM call, just after 8.

“Good morning, this is Rochan from your business bank. We have identified some fraud on your account and have emailed over a list of transactions. If you could check these when you get into the office and let us know if they are genuine we will then unblock your cards.”

A Phisher

A few things didn’t feel quite right about this, so I asked what number to call her back on and, quite rightly, she advised me to use the number on the back of my card. Interestingly, no mention of which bank.

OK, pretty cool attempt. My mobile number is widely published, as is the company I work for. Working out that I am one of the people who checks the bank account is easy enough. So, she called the right person, at the right time, on the right number. Shame she didn’t say which bank she was calling from. I certainly wasn’t convinced and put the shields up while watching for the email.

This Bait is Off

Moments later the email arrived. A well-formed HTML email that looks a lot like a bank, certainly not ours though.

First issue I spot is that our address is wrong; it’s a very old address.

Next issue is the attached Excel spreadsheet. The name is long and random.

Dropping the Excel spreadsheet into a sandbox environment, it gets uploaded to VT, which reports it as clean / unseen, so time to get manual. Analysis is quick and easy; the payload is obvious when looked for and is a nasty version of CryptoLocker.

Swim Away

All in all a reasonably good attempt to SE someone into running into CryptoLocker.


Always check what you are sent and always verify. One day attention to detail will be your savior.