New Phishing Trend Nets 90 Percent Open Rate

April 28, 2017

If you’re a phishing attacker and want to get people to open your email messages, take these steps: 1) Research the targeted victims, 2) Design websites and/or email messages with specific details about them and their workplaces, 3) Create a message subject that looks like a forwarded travel itinerary. Then sit back and wait.

Hackers have started taking the time to do this and are getting a 90% email message open rate. That’s one of the highest ever, according to Barracuda Networks. The company has been seeing such emails carrying PDF or DOCX attachments that, when opened, execute the malware and send the victim to a very realistic website that mimics an airline or corporate travel site. Once on the site, the user is encouraged to enter their login credentials, which are stolen and used to attempt to gain access to the company network. The malware will also sit in the background of the user’s computer and stealthily steal data or conduct espionage.

Organizations should make sure they have perimeter security tools in place such as anti-phishing filters, sandbox environments, and behavioral and heuristics tools, to name a few. In addition, a thorough and continual training program about cybersecurity risks should be implemented to include identifying phishing attacks, social engineering techniques, and physical security procedures. And don’t forget to test employees on how they’re doing.

Many organizations stop training after doing it once per year. Unfortunately, that isn’t enough anymore. Cyberattacks are changing and evolving much more quickly than that. It’s more important than ever to ensure that information about the latest hacking trends passes across employees’ desks on a regular basis throughout the year.

To identify this particular attack, look for a subject line that starts with the “forward” indicator. It may also include a flight confirmation number, airline, destination, and/or price of a ticket. The email text is very carefully crafted to look similar to an airline’s or travel agency’s confirmation message.
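The subject-line and attachment indicators described above can be combined into a mail-filter heuristic. The following Python is an added example, not code from Barracuda Networks or this article; the regular expressions, keyword list, flagging rule and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed patterns for the indicators named in the article.
FORWARD_RE = re.compile(r"^\s*fwd?\s*:", re.I)            # "Fwd:" / "FW:"
TRAVEL_RE = re.compile(r"\b(flight|itinerary|airlines?|e-?ticket)\b", re.I)
# Six upper-case alphanumerics containing at least one digit and one letter.
CONFIRMATION_RE = re.compile(r"\b(?=[A-Z0-9]*\d)(?=[A-Z0-9]*[A-Z])[A-Z0-9]{6}\b")
PRICE_RE = re.compile(r"[$€£]\s?\d+(?:[.,]\d{2})?")
RISKY_EXT = (".pdf", ".docx")                             # attachment types named in the article

def indicators(raw):
    """Return the list of indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    hits = []
    if FORWARD_RE.search(subject):
        hits.append("forward-prefix")
    if TRAVEL_RE.search(subject):
        hits.append("travel-keyword")
    if CONFIRMATION_RE.search(subject):
        hits.append("confirmation-code")
    if PRICE_RE.search(subject):
        hits.append("price")
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if any(n.endswith(RISKY_EXT) for n in names):
        hits.append("pdf-or-docx-attachment")
    return hits

def is_suspect(raw):
    """Assumed rule: forwarded subject + PDF/DOCX + at least one travel detail."""
    hits = indicators(raw)
    return ("forward-prefix" in hits and "pdf-or-docx-attachment" in hits
            and len(hits) >= 3)

def build_sample(subject, filename=None):
    """Construct a sample message (test data, not a captured email)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("See attached.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

# Constructed samples: one matching the described lure, two benign look-alikes.
LURE = build_sample("Fwd: Flight confirmation K7XQ2M - Denver $412.50", "itinerary.docx")
BENIGN_FWD = build_sample("Fwd: Q3 budget review notes", "notes.docx")
BENIGN_TRAVEL = build_sample("Your flight itinerary ABC123 $300.00")
```

A forwarded subject or a document attachment alone is too common to flag, which is why the rule requires both plus a travel detail; messages it flags are candidates for sandboxing or quarantine review rather than outright blocking.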

Ultimately the attackers are after sensitive corporate credentials, which they use to infiltrate the network and steal other valuable information.

© Copyright 2017 Stickley on Security