Faster Delivery = Happy Users
Automated Process = Fewer Errors
Standards = Cost Reduction
Order Visibility = Confidence
Linking Systems = Efficiency
When you receive an email from a trusted web service such as Microsoft Outlook or DocuSign informing you of unread messages, you might blindly follow the directions to retrieve those messages. Unfortunately, cybercriminals are taking advantage of these trusted brands to convince you to log in to fake website portals and give up your login credentials.
In this Threat Spotlight, we will examine how attackers are cunningly impersonating popular web services such as Microsoft Outlook, DocuSign and Google Docs to entice victims into giving away their credentials to these services. Criminals then use these credentials to either commit fraud or to launch targeted spear-phishing campaigns within an organization to steal the crown jewels.
Web Service Spoof Directing to Fake Login Page – In these examples, Microsoft Outlook, DocuSign, and Google Docs are being impersonated or spoofed by email that contains a link that directs recipients to a fake login page on a legitimate website. There is no malicious attachment and cybercriminals are hoping victims will not recognize the web service web portal login page, and freely enter their credentials, giving attackers full access to their email accounts. In addition, the links used in these emails are typically “zero-day”, meaning they have not been used before in other emails, and therefore don’t appear in any bad link blacklists. Some of these links are legitimate small business websites that have been compromised and will appear to have a high reputation to traditional email security systems, which helps them evade detection.
Over the past month, we have been seeing a high volume of activity around this attack, which is to be expected, since traditional email security solutions will not catch these emails and many will ultimately reach end users without being detected. Millions of these impersonation emails are being sent out in multiple campaigns and users need to be educated on what to look for when receiving emails.
This rise in web service impersonation attacks involves a few simple but effective tactics on behalf of cybercriminals:
Traditional email security solutions will not detect this attack!
This evolving attack will not be detected by existing email security solutions on the market for a host of reasons:
Even if an organization has traditional email security technologies enabled, there will be nothing preventing the user from providing their credentials to the cunning cybercriminal. The best hope to stop these attacks is artificial intelligence for real-time spear phishing protection like Barracuda Sentinel in addition to regular training to raise awareness of evolving and new threats.
Barracuda Sentinel’s artificial intelligence real-time solution can be taught to automatically detect and quarantine these emails. In this case, Barracuda Sentinel can recognize how a normal email from a popular web service looks based on the signals in the email metadata and body. Here is an example:
Barracuda Sentinel can spot this discrepancy despite the link being reputable and prevent the email from reaching any end users. This is vital as it is guaranteed that someone in your organization will eventually fall for this bait.
Organizations must plan for email threats such as these and many others, train all their employees, test them on the latest email threats, and work to ensure everyone is a security advocate. Traditional email security will not catch these threats, and not every employee will delete the email, so incorporating a holistic risk prevention strategy with the latest email security technologies such as Barracuda Sentinel and regular security training such as Barracuda’s new Phishline offering will best prepare you for the next threat tactic cybercriminals use to try to steal your information.
This article was originally published here.