Threat researchers at Mimecast have discovered a new phishing attack which uses server-parsed HTML (SHTML) files to direct users to malicious websites where they are requested to give sensitive information. If the user enters this information, it will immediately be given to cyber criminals thought to be working in the UK.
This particular phishing campaign delivers a “tried and tested” trick involving simple emails that show receipt--in this case, displaying a payment of thousands of British pounds. The intent is to provide shock value and encourage victims to click to find out what the extravagant payment was for, thus pulling them into the scheme.
According to Danny Palmer, senior reporter at ZDNet, it is thought that 1 in 61 emails contain phishing attacks. These phishing campaigns tend to be sophisticated and look like a normal, harmless email, sometimes even from someone you know such as within the company you work for, and this is often where users fall victim to the crime. The campaigns are generally designed to encourage you to click on a link which then redirects you to the attack where you are prompted to enter sensitive data.
Among the most vulnerable for this type of attack are banking and financial institutes, but what all targets have in common are that they all contain a large array of login credentials, personal data, and financial information that is of value to hackers.
Phishing continues to be one of the main ploys of hackers and one of the top methods of deception. It is imperative that organizations train and educate employees on the dangers of cybercrime and how to spot these attacks.
Tomasz Kolm, senior engineering manager at Mimecast, concluded that while technology can help prevent and filter these attacks, people themselves are essential to building a defense against cyber attacks.
“Train every employee so they can spot a malicious email the second it arrives in their inbox. This can't be an annual box-ticking quiz, it needs to be regular and engaging. Phishing is not going away any time soon, so you need to ensure your employees can act as a final line of defense against these threats," Kolm said.
Further Reading: https://www.zdnet.com/article/this-strange-new-phishing-attack-uses-a-surprise-bill-to-trick-you-into-clicking/
Stay safe out there!
- The PJ Networks Team
