Spear Phishing and Fake URLs


Spear phishing attacks are often more successful than regular, broad-based phishing attacks because of the way hackers are able to personalize emails containing malicious files or links. If you receive a phishing email that is addressed “Dear Customer” or “To our Registered Clients,” you are less likely to be fooled than by a duplicitous email from “your boss” that has both of your names listed correctly.

Lately, users have become much more aware of fake email tactics. If they receive an email that displays their boss’s name but the sender’s email address is unfamiliar, they may immediately recognize that it is not legitimate. Many users today know that malicious actors can set the “friendly” (display) name to anything they like, and that the actual address the email was sent from can be inspected to check it. Here is an example of a friendly name accompanied by an unfamiliar email address obtained from my email spam folder:

“Kim Hamilton” <abx@abexpo.com>

It’s easy enough to find and replicate the friendly name of a person familiar to the phishing target (i.e., Kim Hamilton) as a disguise for the actual email address (i.e., abx@abexpo.com). While some users may still fall for this tactic without inspecting the entire email address, many email filters and savvy users have been thwarting it for years. But beware: attackers also use a more sophisticated method of defrauding their targets, the fake “look-alike” domain, where the address itself is built to survive a quick inspection.

Here is a fabricated example of a typical look-alike domain attack. For the sake of this exercise, we’ll say that Joe Jackson is an accountant who works for Rhode Island Insurance Brokers, whose website is www.riib.com. His boss, Judy Jones, is listed on their website as the CFO, and Joe is listed as an accountant.

To initiate a look-alike domain attack, the hackers register a new domain that closely resembles the legitimate one, in this case rilb.com (a lowercase “l” in place of the second “i”, which is hard to tell apart in many sans-serif fonts). Once the domain is registered, they create a false email address for Judy that looks nearly identical to her actual address: jjones@riib.com and jjones@rilb.com look very, very similar. With the domain registered and the address created, “Judy”, the hacker, sends Joe an email requesting that $30,000 be wired to a particular account, or that gift cards be purchased and the card numbers emailed to the “CFO.” Because the email address looks legitimate at a quick glance, the malicious actors have a higher chance of success.
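One way to turn the inspection described above into a check that can run over incoming mail, as an added example that is not code from the original article: the Python below folds commonly confused characters (so rilb.com compares equal to riib.com), measures edit distance to a list of trusted domains, catches a trusted domain used as a leading label of a longer one, and also flags the friendly-name trick from the Kim Hamilton example whenever a known staff name appears over an untrusted address. The trusted domain list, the staff list and the sample From: headers are constructed for the example; riib.com, rilb.com and Judy Jones come from the scenario above.

```python
"""Added example (not from the article): flag sender domains that look like a
trusted domain. riib.com / rilb.com and the name Judy Jones come from the
article's fabricated scenario; TRUSTED_DOMAINS, KNOWN_STAFF and the sample
From: headers are constructed for this example."""
import re

# Domains the organization actually sends mail from (constructed).
TRUSTED_DOMAINS = {"riib.com"}
# Staff names an attacker could copy from the public website (constructed).
KNOWN_STAFF = {"judy jones"}

# Sequences that read as one letter at a glance are folded first ...
MULTI_CHAR_CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d"}
# ... then single characters that are commonly mistaken for another.
SINGLE_CHAR_CONFUSABLES = {"l": "i", "1": "i", "|": "i", "0": "o", "5": "s", "8": "b"}


def skeleton(domain: str) -> str:
    """Fold confusable characters so look-alike spellings compare equal."""
    d = domain.lower()
    for seq, rep in MULTI_CHAR_CONFUSABLES.items():
        d = d.replace(seq, rep)
    return "".join(SINGLE_CHAR_CONFUSABLES.get(c, c) for c in d)


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions
    and adjacent transpositions each cost 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def sender_address(header: str) -> tuple:
    """Split a From: value such as '"Judy Jones" <jjones@rilb.com>' into
    (display name, address). A bare address yields an empty display name."""
    m = re.match(r'\s*(?:"?([^"<]*)"?\s*)?<([^>]+)>\s*$', header)
    if m:
        return (m.group(1) or "").strip(), m.group(2).strip().lower()
    return "", header.strip().lower()


def classify_sender(header: str, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, sender domain, trusted domain it resembles or None).

    verdict is 'trusted' (the domain itself or a subdomain of it), 'lookalike'
    (a trusted domain used as a leading label, or within max_distance edits of
    one after confusable folding) or 'unknown'."""
    _, addr = sender_address(header)
    domain = addr.rsplit("@", 1)[-1]
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted", domain, None
    best = None
    for t in trusted:
        if domain.startswith(t + "."):  # e.g. riib.com.account-verify.example
            return "lookalike", domain, t
        dist = edit_distance(skeleton(domain), skeleton(t))
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (t, dist)
    if best is not None:
        return "lookalike", domain, best[0]
    return "unknown", domain, None


def impersonates_staff(header: str, staff=KNOWN_STAFF) -> bool:
    """True when the display name is a known employee but the address is not
    from a trusted domain: the 'friendly name' trick, with or without a
    look-alike domain behind it."""
    name, _ = sender_address(header)
    return name.lower() in staff and classify_sender(header)[0] != "trusted"


if __name__ == "__main__":
    # Constructed sample From: headers for the scenario in the article.
    for h in ['Judy Jones <jjones@riib.com>',
              '"Judy Jones" <jjones@rilb.com>',
              '"Judy Jones" <jjones@r11b.com>',
              '<jjones@riib.com.account-verify.example>',
              '"Kim Hamilton" <abx@abexpo.com>']:
        print(h, "->", classify_sender(h), "impersonation:", impersonates_staff(h))
```

The distance threshold of 2 is a starting point; the right value depends on how short the organization’s domain is, since a very short domain sits within two edits of many unrelated ones. The check is a triage aid for a mail gateway or for a user’s own inspection, not a substitute for the out-of-band confirmation discussed below.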

To avoid the damage of a spear phishing attack, exercise diligence when inspecting email addresses. Confirm that the correspondence really comes from an email address and domain you are familiar with and trust, reading the domain character by character rather than at a glance. Keep in mind that a look-alike domain is legitimately registered and controlled by the attacker, so checks that only confirm the mail came from the domain it claims will pass; the domain itself is the lie. Additionally, put organizational processes in place for monetary requests or solicitations of sensitive information, so that no action is taken until confirmation has been obtained by means other than email, for example a phone call to a number already on file rather than one given in the message.

If you would like more information on how to identify fake emails or how to protect your firm from phishing and ransomware attacks, call one of our expert technicians for a free consultation.