At Vade Secure, we’re no strangers to spear phishing attacks. Our email security solutions identify these threats all the time for customers, thanks to our ability to detect not only exact sender or domain spoofing but visible alias spoofing and cousin domains. Recently, though, I came across a spear phishing attack that hit a little too close to home. That’s because I was the target.
It started with the following email, which appeared to come from Vade Secure’s CEO, Georges Lotigier:
There are a few aspects of this spear phishing message that stand out to me:
- The user alias impersonates Georges Lotigier: But the actual email address is firstname.lastname@example.org. This means the hacker researched the company and identified Georges as the CEO. Then, he created the fake email address containing “CEO” so that it would seem believable at a quick glance.
- The email was “Sent from my iPad”: Wouldn’t Georges make such a request from his work email address? Normally, yes. But remember, he’s allegedly tied up in meetings. Therefore, it’s conceivable that he would send a quick email from his iPad, versus opening up his laptop in the middle of the meeting.
- The message contains no immediate request: While the hacker alludes to a task, the first email is meant to establish trust before making the request that leads to his financial payout. This technique is becoming more and more common in spear phishing attacks, as hackers attempt to lure recipients into a false sense of security.
- Vade Secure detected the attack: At Vade Secure, we ‘eat our own dog food’ and use Vade Secure for Office 365 to protect our employees. As you can see in the screenshot, the solution identified the impersonation attempt and displayed our customizable spear phishing banner, alerting me to the spear phishing attack.
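As an added illustration (example code written for this post, not Vade Secure's own detection engine), here is the kind of From-header check that catches the two signals described above, a display name that impersonates a known executive while the real address is external, and a cousin domain that merely resembles the company's own. The executive directory, domains and sample headers are constructed for the demo.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed directory for the demo: people worth impersonating and the
# mailbox they really send from. Names, domains and headers are assumptions.
EXECUTIVES = {"georges lotigier": "georges.lotigier@vadesecure.example"}
OUR_DOMAINS = {"vadesecure.example"}
ROLE_WORDS = {"ceo", "cfo", "president", "director"}
COUSIN_THRESHOLD = 0.85  # similarity above which a domain looks like ours


def normalize_name(name):
    """Lower-case a display name and keep only letters and spaces for lookup."""
    return " ".join(t for t in re.split(r"[^a-z]+", name.lower()) if t)


def is_cousin_domain(domain):
    """True when the domain closely resembles one of ours without being one."""
    return any(
        domain != ours and SequenceMatcher(None, domain, ours).ratio() >= COUSIN_THRESHOLD
        for ours in OUR_DOMAINS
    )


def analyze_from_header(from_header):
    """Return the findings for one From: header (empty list means nothing suspicious)."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.partition("@")
    findings = []
    # Alias spoofing: the display name belongs to an executive, the address does not.
    expected = EXECUTIVES.get(normalize_name(display))
    if expected and addr != expected:
        findings.append("display-name impersonation")
    # A role word such as "ceo" inside an external address is there for believability.
    if domain not in OUR_DOMAINS and ROLE_WORDS & set(re.split(r"[^a-z0-9]+", local)):
        findings.append("role keyword in address")
    # Cousin domain: a look-alike of our domain (typo, added hyphen, extra word).
    if is_cousin_domain(domain):
        findings.append("cousin domain")
    return findings


if __name__ == "__main__":
    samples = [  # constructed From: headers
        '"Georges Lotigier" <georges.lotigier@vadesecure.example>',
        '"Georges Lotigier" <ceo.georges@freemail.example>',
        '"Georges Lotigier" <georges.lotigier@vade-secure.example>',
        '"Newsletter" <news@shop.example>',
    ]
    for header in samples:
        print(header, "->", analyze_from_header(header) or ["clean"])
```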
Rather than simply go about my day, proud that our technology did its job, I decided to respond to the hacker and play along to see how the attack would play out. After deleting the warning banner and replying, “Yep, what do you need?” I received the following email:
Thinking that I had bought into his charade, the hacker goes for the kill: his financial reward. He says that he needs me to buy some Google Play gift cards to give to clients. Specifically, he requests that I purchase four $500 gift cards and email him the codes: a $2,000 payout, if only I didn’t work for a market-leading email security company!
Gift Card Scams Are on the Rise
The gift card request marks another interesting shift we’re seeing in spear phishing attacks. For a long time, wire transfer requests, or business email compromise (BEC), were the most common technique employed in spear phishing emails. Although BEC attacks are still prevalent and extremely costly, we’re seeing more and more gift card scams. In 2018, the FTC issued an alert warning of a rise in gift card scams. According to the FTC, losses from fraudulent gift card payments ballooned to $53 million in the first nine months of this year.
Here’s another example received by one of our partners. The hacker impersonated the company’s CEO and emailed an employee, requesting 20 iTunes gift cards of $100 each. In this simpler version, the hacker doesn’t employ the phased approach of first establishing trust before requesting the purchase. Aimed at the right unsuspecting recipient, it’s a quick and easy way to turn a profit.
Detecting Spear Phishing Attacks
Always be vigilant when reading your email—even if it appears to come from a colleague, acquaintance, or even your boss. Hackers are growing increasingly adept at using publicly available information (from the web, social networks, or past data breaches) to concoct convincing spear phishing attacks.
For more insight on how Vade Secure for Office 365 detects spear phishing, watch the two-minute video below.