Cybersecurity Blog | Ingalls Information Security

The Phishing Adventures of Huck Phinn, Another Kettle of Phish

Written by Cyrus Robinson | Apr 8, 2021 4:00:00 AM
Chapter 4

Huck had narrowly eluded several phishing traps, and he now routinely screened his work Outlook email inbox for suspicious messages. He knew the red flags to look out for, but how could he keep his guard up 24/7?

One day Huck got an email sent to his personal account from an old friend, Tom Sawyer, who now worked for the St. Petersburg Baseball Association. Huck was glad to hear from Tom and followed the “secure Message” link to what looked like a Microsoft OneNote message. (Figure 1)

Can you spot the red flags in this email?

Figure 1 -The email sent to Huck's personal account

The unexpected “gitbook.io” domain in the URL bar is a tip-off that something is not quite right. But thanks to a simple, sneaky trick the criminals used, Huck overlooked this red flag and others. The trick is revealed at the end of the story. (Figure 2)

Figure 2 - The unexpected “gitbook.io” domain in the URL bar.

Meanwhile, Huck followed the “Access Here” button (Figure 2) and a fake DropBox login page opened. (Figure 3)

Figure 3 - Fake DropBox login page.

There are a raft of red flags Huck missed:

  1. Misspelling, "Share Point Online" (SharePoint, without the space, is the correct name) 
  2. Weird URL, which was later proven to have a history of malicious activity
  3. Options for signing in to "Office365" (as opposed to Office 365)
  4. Cheeky DropBox slogan: "Drop Work the way you do." 

When Huck clicked on the "Office365" option, he got a login prompt that thoughtfully reinforced "We'll never share your email with anyone else" (yeah, right...). Now, even though this email was sent to Huck’s personal email by a personal contact, Huck still didn’t catch the drift and entered his St. Petersburg Wildlife Foundation Office 365 work credentials. (Figure 4).

Figure 4 -Fake Office 365 Login Page

Notice the screen "verifing" and error message stating "InValid Credentials".

Figure 5 - Fake Login with misspelled words

Nothing appeared to happen after Huck entered his login credentials. He quickly moved on to other tasks, forgetting about the email. But something had happened. The moment Huck took the bait and entered his office email address and password, the attackers successfully harvested his St. Petersburg Wildlife Foundation Office 365 credentials and now had access to his account. 


Have you figured out the trick to this phishing scam that led Huck to let down his guard?

It turns out, Huck's friend, Tom, had also taken the bait in a similar attack. The scammers used Tom's account to target all of Tom's contacts (including Huck). Getting an email from a friend often leaves us with a sense of false security than messages from strangers. But it’s important to apply the same level of scrutiny to personal emails and review for the common red flags that give away when a phishing email is afloat in your inbox. 

Unsure how to spot a suspicious email? Download our free “Phishing Red Flags” checklist and share it with your friends and family.

It would still be months before Huck learned about the security breach at the St. Petersburg Wildlife Foundation caused by his misstep. Find out about the fallout in the conclusion to this edition of The Phishing Adventures of Huck Phinn.

To be continued…


About Ingalls

Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have. 

 

Our “How to Spot a Phish” checklist can help you identify phishing emails and provides advice on what to do with them.

About the Author
Cyrus Robinson, CISSP, MCSE, MCITP, CEH, CHFI, Sec+
Mr. Robinson is a skilled Information Security professional with experience working with diversified technologies and environments. Mr. Robinson’s professional IT career began as an electronic forensics engineer as an active duty Airman with primary responsibilities with testing and evaluating digital forensic software, policies, and procedures. In this capacity, he worked alongside federal investigators and various DoD, CIA, FBI, NSA, and NIST employees. Following his active duty role with the USAF, Mr. Robinson went on to work in change management and system administration as a DoD Contractor. Mr. Robinson also has extensive experience in the roles of Information Security Officer and IT Director for a large medical group which contribute to his knowledge with security risk assessments, HIPAA compliance, and drafting and implementing corporate IT security and business continuity policies. Mr. Robinson holds various industry standard certifications and a Masters of Science in Information Security and Assurance.