The Phishing Adventures of Huck Phinn, Another Kettle of Phish
Cyrus Robinson, Mar 11, 2021
In Chapter One we mentioned that the most common phishing attacks are mass emails sent to as many recipients as possible in hopes that even a few high-value targets will be compromised.
That’s what happened when Huckleberry "Huck" Phinn, a senior employee at the St. Petersburg Wildlife Foundation, received an email from SFaxRemittanceInformationTransmittalCenter. (The email content is real; names and numbers have been changed.) (Figure 1)
Figure 1 - Email From SFaxRemittanceInformationTransmittalCenter
At first, Huck doesn’t see anything suspicious about this email.
Figure 2 - Disclaimer from a real law firm in Illinois, and links to a “Risk Management Bulletin”.
Huck glances at the topic and the linked article. It looks legitimate and contains actual content. Padding a message with links to legitimate websites is a common tactic attackers use to evade email security and filtering solutions: most of the URLs a filter inspects resolve to reputable sites, and the one link that matters is buried among them. Here’s what Huck saw when he clicked on the link (Figure 3).
Figure 3 - What Huck saw when he clicked on the link
However, the email doesn’t end with the article. The email tells Huck that he has received a “fax” from this SRFax service and includes links to “PREVIEW OR PRINT PAYMENT” and to “View email in browser.” (Figure 4)
Figure 4 - Links to “PREVIEW OR PRINT PAYMENT” and to “View email in browser”
These links redirect Huck to a OneNote page that includes a blurry picture of a document with a Bank of America logo, which was also included in the original email Huck received. The caption of this image says to "Click below image to view fax document anytime." This OneNote page contained much of the same information included in the phishing email, and it also contained the warning to "Use receiving email to access documents to prevent error." Hosting the lure on a legitimate Microsoft service is itself an evasion technique: the link in the email points at a trusted domain, so URL reputation checks pass, and the actual phishing page is one more click away. (Figure 5)
Figure 5 - OneNote page that includes a blurry picture of a document with a Bank of America logo
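The two paragraphs above describe the link mix that makes this email work: harmless links to a real law firm beside call-to-action links that leave for a third-party page. As an added example (not code from the original post or from Ingalls), the script below inventories every link in an HTML email, groups them by domain, and flags call-to-action links whose host is not the sender’s domain. The sample message and all of its domains (sfax-remittance.example, law-firm.example, onenote.example) are constructed placeholders, not the addresses from the real email.

```python
"""Added example: inventory the links in a suspected phishing email.

Phishing messages often pad themselves with links to legitimate sites so
that filters see mostly harmless URLs, while the one link that matters
("PREVIEW OR PRINT", "View email in browser") points somewhere else.
This script pulls every anchor out of the HTML body, groups them by
domain, and flags the call-to-action links that leave the sender's domain.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain is a placeholder under .example.
SAMPLE_EMAIL = """\
From: SFax Remittance Center <notices@sfax-remittance.example>
To: huck.phinn@wildlife-foundation.example
Subject: Fax received: remittance advice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Risk Management Bulletin: <a href="https://www.law-firm.example/bulletin/2021-03">Read the bulletin</a></p>
<p>You have received a new fax.</p>
<p><a href="https://onenote.example/p/abc123">PREVIEW OR PRINT PAYMENT</a></p>
<p><a href="https://onenote.example/p/abc123">View email in browser</a></p>
<p><a href="https://www.law-firm.example/disclaimer">Disclaimer</a></p>
</body></html>
"""

# Anchor-text words that usually mark the link the attacker wants clicked.
CALL_TO_ACTION = ("preview", "print", "view", "open", "download", "payment", "document")


class AnchorCollector(HTMLParser):
    """Collects (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []      # finished (text, href) pairs
        self._href = None    # href of the <a> currently open, if any
        self._text = []      # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Crude eTLD+1: the last two labels of the host. Adequate for a triage
    view; use the public suffix list for anything production-grade."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def triage_links(raw_message):
    """Return the sender domain, every link grouped by domain, and the
    call-to-action links that point away from the sender's domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender_domain = registrable_domain(msg["From"].addresses[0].domain)

    collector = AnchorCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())

    by_domain = {}
    suspicious = []
    for text, href in collector.links:
        domain = registrable_domain(urlparse(href).hostname or "")
        by_domain.setdefault(domain, []).append(text)
        is_cta = any(word in text.lower() for word in CALL_TO_ACTION)
        if is_cta and domain != sender_domain:
            suspicious.append({"text": text, "href": href, "domain": domain})

    return {"sender_domain": sender_domain, "by_domain": by_domain, "suspicious": suspicious}


if __name__ == "__main__":
    report = triage_links(SAMPLE_EMAIL)
    print(f"Sender domain: {report['sender_domain']}")
    for domain, texts in report["by_domain"].items():
        print(f"  {domain}: {texts}")
    for hit in report["suspicious"]:
        print(f"FLAG: {hit['text']!r} -> {hit['href']} (off-domain: {hit['domain']})")
```

Run against the sample, the two law-firm links are listed but not flagged, while “PREVIEW OR PRINT PAYMENT” and “View email in browser” are both flagged because they leave for onenote.example. Note that the check is deliberately independent of the reputation of the target domain: a trusted hosting service is exactly where this kind of lure sits, so the signal is the mismatch between what the link claims to be and where it goes, not whether the host is known to be bad.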
Huck missed a few red flags, but he caught on in time. He doesn’t fall for it, and neither should you.
Here are all the red flags so far in this one real phishing email:
If Huck had fallen for the phishing attack, his next click would have taken him to a fake Microsoft Office 365 login page. It looks convincing, including a default Microsoft background image, and it doesn’t contain any of the typos or grammatical errors that often accompany phishing attacks. Had Huck entered an email address and password, the login would have appeared to fail, but every credential typed into the fake page, correct or not, would have been captured by the attacker(s). The check that exposes such a page is the address bar: a genuine Microsoft sign-in is served from login.microsoftonline.com, and a lookalike hosted anywhere else cannot show that address. (Figure 6)
Figure 6 - Fake Microsoft Office 365 login page
...to be continued.
About the Author: Cyrus Robinson, CISSP, MCSE, MCITP, CEH, CHFI, Sec+
Mr. Robinson is a skilled information security professional with experience working with diversified technologies and environments. His professional IT career began as an electronic forensics engineer while an active duty Airman, with primary responsibility for testing and evaluating digital forensic software, policies, and procedures. In this capacity, he worked alongside federal investigators and various DoD, CIA, FBI, NSA, and NIST employees. Following his active duty role with the USAF, Mr. Robinson went on to work in change management and system administration as a DoD contractor. He also has extensive experience in the roles of Information Security Officer and IT Director for a large medical group, which contributed to his knowledge of security risk assessments, HIPAA compliance, and drafting and implementing corporate IT security and business continuity policies. Mr. Robinson holds various industry standard certifications and a Master of Science in Information Security and Assurance.