The Phishing Adventures of Huck Phinn, Dangling Bait in Open Waters
Cyrus Robinson : Apr 8, 2021 12:00:00 AM
Huck had narrowly eluded several phishing traps, and he now routinely screened his work Outlook email inbox for suspicious messages. He knew the red flags to look out for, but how could he keep his guard up 24/7?
One day Huck got an email sent to his personal account from an old friend, Tom Sawyer, who now worked for the St. Petersburg Baseball Association. Huck was glad to hear from Tom and followed the “secure Message” link to what looked like a Microsoft OneNote message. (Figure 1)
Can you spot the red flags in this email?
Figure 1 - The email sent to Huck's personal account
The unexpected “gitbook.io” domain in the URL bar (Figure 2) is a tip-off that something is not quite right: a genuine Microsoft OneNote message would not be served from an unrelated third-party domain. But thanks to a simple, sneaky trick the criminals used, Huck overlooked this red flag and others. The trick is revealed at the end of the story.
Figure 2 - The unexpected “gitbook.io” domain in the URL bar.
Meanwhile, Huck followed the “Access Here” button (Figure 2) and a fake Dropbox login page opened. (Figure 3)
Figure 3 - Fake Dropbox login page.
There is a raft of red flags Huck missed in the login pages that followed:
Figure 4 - Fake Office 365 login page
Notice the "verifing" screen and the error message reading "InValid Credentials" (both misspelled on the fake page).
Figure 5 - Fake login with misspelled words
Nothing appeared to happen after Huck entered his login credentials. He quickly moved on to other tasks, forgetting about the email. But something had happened. The moment Huck took the bait and entered his office email address and password, the attackers successfully harvested his St. Petersburg Wildlife Foundation Office 365 credentials and now had access to his account.
It turns out that Huck's friend Tom had also taken the bait in a similar attack. The scammers used Tom's account to target all of Tom's contacts, including Huck. An email from a friend often lulls us into a false sense of security that a message from a stranger would not. But it is important to apply the same level of scrutiny to personal emails and to review them for the common red flags that give away a phishing email afloat in your inbox.
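The two red flags in this story that a machine can check for you are the mismatch between the brand the email names (Microsoft OneNote, Dropbox, Office 365) and the domain its links actually go to, and link text that looks like one URL while pointing at another. The script below is an added example, not part of the original post or of any Ingalls tooling: it pulls the links out of an HTML email and reports those mismatches. The two sample emails are constructed to mirror the story, the brand-to-domain table is illustrative and incomplete, and `registrable_domain` uses a simplified "last two labels" rule that does not handle multi-label public suffixes such as co.uk.

```python
"""Flag brand/domain mismatches in the links of an HTML e-mail (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand keyword -> registrable domains the brand legitimately uses.
# Illustrative only; a real deployment would maintain and extend this list.
BRAND_DOMAINS = {
    "onenote": {"onenote.com", "microsoft.com", "office.com", "live.com"},
    "microsoft": {"microsoft.com", "office.com", "live.com",
                  "microsoftonline.com", "onenote.com"},
    "office 365": {"microsoft.com", "office.com", "microsoftonline.com"},
    "dropbox": {"dropbox.com"},
}


def registrable_domain(host):
    """Last two DNS labels, e.g. 'app.gitbook.io' -> 'gitbook.io'.
    Simplified: ignores multi-label public suffixes such as 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> plus all body text."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.body_parts = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        self.body_parts.append(data)
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def find_red_flags(html):
    """Return human-readable red flags for the links in an HTML e-mail."""
    parser = LinkExtractor()
    parser.feed(html)
    body = " ".join(parser.body_parts).lower()
    flags = []
    for href, text in parser.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            if parsed.scheme != "mailto":
                flags.append(f"non-web or malformed link: {href!r}")
            continue
        link_dom = registrable_domain(parsed.hostname)
        low = text.lower()
        # Red flag 1: visible text looks like a URL but the href goes elsewhere.
        if "http" in low or "www." in low:
            shown = text.strip() if "://" in text else "https://" + text.strip()
            shown_host = urlparse(shown).hostname
            if shown_host and registrable_domain(shown_host) != link_dom:
                flags.append(f"link text shows {shown_host} but goes to {link_dom} ({href})")
        # Red flag 2: a brand is named (in the link text, or in the body when the
        # link text is generic like "Access Here") but the link leaves the brand's domains.
        context = low if any(b in low for b in BRAND_DOMAINS) else body
        for brand, domains in BRAND_DOMAINS.items():
            if brand in context and link_dom not in domains:
                flags.append(f"'{text}' references {brand} but links to {link_dom} ({href})")
    return flags


# Constructed sample modelled on the lure in the story (not a real message).
SAMPLE_PHISH = """
<html><body>
<p>Hi Huck, long time! You have a secure Message from Tom Sawyer via Microsoft OneNote.</p>
<p><a href="https://app.gitbook.io/s/secure-message/onenote">Access Here</a></p>
<p>Or sign in at <a href="https://login.example-o365.net/">https://login.microsoftonline.com</a></p>
</body></html>
"""

# Constructed benign sample: brand named, link stays on the brand's domain.
SAMPLE_LEGIT = """
<html><body>
<p>Tom shared a Microsoft OneNote notebook with you.</p>
<p><a href="https://www.onenote.com/notebooks">Open in OneNote</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, find_red_flags(sample) or "no red flags")
```

Run it on a saved `.eml` body and every flagged line is a link to hover over before clicking. Treat the result as a prompt for scrutiny rather than a verdict: brand keywords in the body will also flag legitimate third-party links (an unsubscribe page on a mailing-list provider, for example), and attackers can avoid the brand check entirely by never naming the brand in text.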
Unsure how to spot a suspicious email? Download our free “Phishing Red Flags” checklist and share it with your friends and family.
It would still be months before Huck learned about the security breach at the St. Petersburg Wildlife Foundation caused by his misstep. Find out about the fallout in the conclusion to this edition of The Phishing Adventures of Huck Phinn.
To be continued…
Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.
Our “How to Spot a Phish” checklist can help you identify phishing emails and provides advice on what to do with them.
About the Author
Cyrus Robinson, CISSP, MCSE, MCITP, CEH, CHFI, Sec+
Mr. Robinson is a skilled information security professional with experience working with diversified technologies and environments. His professional IT career began as an electronic forensics engineer and active duty Airman, with primary responsibility for testing and evaluating digital forensic software, policies, and procedures. In this capacity, he worked alongside federal investigators and various DoD, CIA, FBI, NSA, and NIST employees. Following his active duty role with the USAF, Mr. Robinson went on to work in change management and system administration as a DoD contractor. He also has extensive experience as Information Security Officer and IT Director for a large medical group, which contributes to his knowledge of security risk assessments, HIPAA compliance, and drafting and implementing corporate IT security and business continuity policies. Mr. Robinson holds various industry standard certifications and a Master of Science in Information Security and Assurance.