Highline College

Connect with Highline College

Campus will be open on Thursday, November 21, and all classes and operations will return to normal.

Phishing Examples

Phishing Examples 2024-04-10T12:14:16+00:00

Phishing Examples

Tech Support Scams

Over the past few years online service providers have been stepping up their security game by messaging customers when they detect unusual or worrisome activity on their users’ accounts. Not surprisingly, the bad guys are using this to their advantage. Many are designed poorly with bad grammar, etc. but others look legitimate enough for someone to click if they weren’t paying close attention:

Consider this fake Paypal security notice warning potential marks of “unusual log in activity” on their accounts:

Hovering over the links would be enough to stop you from ending up on a credentials stealing web site.

And here’s a fake Microsoft notice, almost identical in appearance to an actual notice from Microsoft concerning “Unusual sign-in activity”:

This email points users to a phony 1-800 number instead of kicking users to a credentials phish.

Infected Attachments

The Hidden Dangers of .HTML Attachments

Malicious .HTML attachments aren’t seen as often as .JS or .DOC file attachments, but they are desirable for a couple of reasons. First, there is a low chance of antivirus detection since .HTML files are not commonly associated with email-borne attacks. Second, .HTML attachments are commonly used by banks and other financial institutions so people are used to seeing them in their inboxes. Here are a few examples of credential phishes we’ve seen using this attack vector:

Macros With Payloads

Malicious macros in phishing emails have become an increasingly common way of delivering ransomware in the past year. These documents too often get past anti-virus programs with no problem. The phishing emails contain a sense of urgency for the recipient and as you can see in the below screenshot, the documents step users through the process. If users fail to enable the macros, the attack is unsuccessful.

Social Media Exploits

Malicious Facebook Messages

Several Facebook users received messages in their Messenger accounts from other users already familiar to them. The message consisted of a single .SVG (Scaleable Vector Graphic) image file which, notably, bypassed Facebook’s file extensions filter. Users who clicked the file to open it were redirected to a spoofed Youtube page that prompted users to install two Chrome extensions allegedly needed to view the (non-existent) video on the page.

For most users, the two Chrome extensions were used to allow the malware a limited degree of self-propagation by exploiting the “browser’s access to your Facebook account in order to secretly message all your Facebook friends with the same SVG image file.”

On some users’ PCs the embedded Javascript also downloaded and launched Nemucod [PDF], a trojan downloader with a long history of pulling down a wide variety of malicious payloads on compromised PCs. Users unlucky enough to encounter this version of the malicious script saw their PCs being taken hostage by Locky ransomware.

CEO Fraud Scams

Here’s an example of a KnowBe4 customer being a target for CEO fraud. The employee initially responded, then remembered her training and instead reported the email using the Phish Alert Button, alerting her IT department to the fraud attempt.

When the employee failed to proceed with the wire transfer, she got another email from the bad guys, who probably thought it was payday: