They will only enter your password into the legitimate login page.
This is a perfect example of why password managers (even the free ones like LastPass) are so important. These attacks are able to fool even savvy users because the link points to a legitimate service that lowers their guard when leading them to a login page. Some hosting sites scan files for malware, but none look for malicious links. Why it is effective: Most email security scans look for malicious links, but the URL of a trusted file share provider receives no further scrutiny. A common attack will tell the victim they must authenticate to view the document, leading them to a fake login page. While file-hosting services might scan for malware, they do not scan for malicious links.
It will point to a file hosted on a legitimate sharing service, most commonly Microsoft’s OneDrive.
How it works: A hacker will send an email that does not seem suspicious. A simple “did you just ask for the HR file” text is enough to counter this type of attack.īecause most email systems will scan email for a malicious link, attackers are now embedding them within shared files and posting them on trusted sites like Box, G Suite and Dropbox. If a request comes by phone, the conversation continues in an email.
If someone asks for something via email, the response is sent via Slack. What you can do: Many companies have instituted a policy of “channel switching” for certain types of transactions. They can come by email, phone or even text message. The innocuous first message reduces the risk of detection and self-selects for the distracted or gullible victim. Why they are effective: The recent spate of database breaches have provided the attackers with a wealth of information that can make it easy to create highly targeted, personalized messages. For example, "Hey, are you in the office?" Only after three or four messages will the attacker make a request to send a document, edit a file or send a gift card. The first message is often just a hook to start a dialog. How they work: These attacks are highly targeted and rely on specific information about the victim and the person they are pretending to be. These differ from traditional attacks because they lead to real-time, interactive dialogs with the attacker. There are no links, attachments or malicious content - just a convincing message from someone pretending to be your boss or co-worker. We’ve seen an increase in so-called business email compromise (BEC) attacks where there’s nothing clickable in the email. You should also investigate third-party tools that can add security to these unmonitored channels. Employees should treat all communication channels as suspect. What you can do: Include these tools in your employee awareness training. Ironically, users are more likely to click on a link or file in a chat than they would in an email. Why they are effective: Slack, Skype, Teams, Facebook Messenger and other non-email platforms do not have the same built-in security measures as email such as link scanning, malware detection or data leak protection.
While users have been trained to be suspicious of email, they tend to be overly trusting when using these tools. How they work: These attacks use many of the same methods as classic email-based phishing (malicious links, impersonation etc.), but they are delivered through the new breed of collaboration apps.