Spear phishing attacks are often more successful than regular, broad-based phishing attacks because of the way hackers are able to personalize emails containing malicious files or links. If you receive a phishing email that is addressed “Dear Customer” or “To our Registered Clients,” you are less likely to be fooled than by a duplicitous email from “your boss” that has both of your names listed correctly.
As of late, users have become much more aware of fake email tactics. If they receive an email that displays their boss’s name but the sender’s email address is not familiar, they may immediately recognize that it is not a legitimate email. Many users today are aware that malicious actors can manipulate “friendly” names but, upon investigation, they can inspect the actual email address from which the email was sent. Here is an example of a friendly name accompanied by an unfamiliar email address obtained from my email spam folder:
“Kim Hamilton” <abx@abexpo.com>
It’s easy enough to find and replicate a friendly name of a person familiar to the phishing target (i.e., Kim Hamilton) as a disguise for the actual email address (i.e., abx@abexpo.com). While some users may still fall for this tactic without inspecting the entire email address, many email filters and savvy users have been thwarting this tactic for years. But beware, as hackers now have a new, more sophisticated, method of defrauding their targets: fake “look-alike” URLs.
Here, I’ve provided a fabricated example of a typical look-alike domain name attack: For the sake of this exercise, we’ll say that Joe Jackson is an accountant who works for the Rhode Island Insurance Brokers, whose website URL is www.riib.com. His boss, Judy Jones, is listed on their website as the CFO while Joe is listed as an accountant. To initiate a look-alike domain name attack, hackers will register a new URL that is closely related to the legitimate URL – in this case, www.rilb.com. Once the URL is registered, they will create a false email address Judy that looks nearly identical to her actual address (jjones@riib.com and jjones@rilb.com look very, very similar). With the URL registered and the email address created, “Judy”, the hacker, sends an email to Joe requesting a check for $30,000 wired to a particular account or that gift cards be purchased and the numbers emailed to the “CFO.” Because the email address looks legitimate at a quick glance, the malicious actors have a higher chance of success.
To avoid the trauma of a spear phishing attack, you should exercise diligence when inspecting email addresses. Confirm that the correspondence is really coming from an email address and domain that you are familiar with and trust. Additionally, put organizational processes in place for monetary requests or solicitations of sensitive information. Such policies can ensure that no action be taken until further confirmation has been obtained by means other than email.
If you would like more information on how to identify fake emails or how to protect your firm from phishing and ransomware attacks, call one of our expert technicians for a free consultation.
Nick Eckman joined NetCenergy in 2016 from an international gaming company. Nick’s experience with supervising and implementing secure, fiber and copper wire infrastructure services provides our clients with a team of highly trained and experienced technicians. In addition to the skills required to manage our infrastructure services department, Nick brings a very experienced and focused approach to project management and is a stickler for accurate documentation for every project designed and built by his team.
Peter Lachapelle joined NetCenergy in 2015 and is responsible for leading all of NetCenergy’s operations and accounting functions. Each department within NetCenergy reports through Lachapelle. He brings his years of experience to maintain a pragmatic, efficient, client-focused team at NetCenergy. Lachapelle joined NetCenergy after completing a 27-year career with a Rhode Island, federally-charted bank which culminated in his senior management position as COO and CFO for the bank.
Peter Nelson has 25+ years of technology and management experience and has been with NetCenergy since inception. Peter serves as the VP of Engineering at NetCenergy. His role consists of managing the engineering staff, driving the companies technology strategy, and ensuring NetCenergy keeps up to date on new technologies and solutions.
As a Founding Partner, Dan is a result oriented individual who is always focusing on what is best for his client. He understands that business applications empower an organization and that technology must support those critical business applications. Dan’s technology career started in 1990 at EMC Corporation. Through the years, he has represented technology and consulting services for several organizations until 2003, when he and Don Nokes founded NetCenergy.
As President of NetCenergy, Don is responsible for ensuring client satisfaction, overseeing overall performance, and for providing direction to the organization. Prior to co-founding the firm with Dan Charland, Don held senior leadership positions with IT service firms ranging in size from $3 Billion to $10 Million in annual sales.
With decades of hands-on HR experience, Margery Ahearn is our Director of Human Resources, overseeing all hiring of new positions for NetCenergy with a careful eye on sourcing technology savvy engineers and skilled office-based professionals who fit our company culture, understand our commitment to our clients, and bring their time and talents to our team. Margery has both a BA and MBA in Business Administration from Southern New Hampshire University.