8 types of hacking and social engineering attack campaigns
Posted on November 1, 2019 by Benjamin Bressington
8 email scams hackers use to steal your identity, data and money
There are multiple attack vectors used by hackers or people who want to compromise your data. My goal is to explain the 8 common email-related scams so you can identify them and protect yourself and your company from these attacks.
There is a common framework for understanding each of these attacks. At the core of each attack is a social engineering strategy that exploits your trust in a person, or in a communication from a person or brand.
Here are the 8 common types of email phishing attacks that hackers use to steal your identity.
- Whaling Attacks
- CEO Fraud
- Spear Phishing
- Brand Forgery
- Business Email Compromise
- Zero-Day Attacks
- Domain Spoofing
- Malware & Ransomware
30% of phishing emails get opened by company employees
What is a Whaling Attack?
Whaling is a type of attack whereby the criminal impersonates C-level executives and higher-ranking politicians. Whaling attacks can also be against high net worth individuals, or people of a certain status, rank, or position of importance.
By assimilating into a believable, trusted figure, the attacker builds rapport, usually using tricks like social engineering to encourage employees to follow directions. Once the attacker believes the employees are completely comfortable, the attacker will use email to steal valuable information, acquire account credentials, or request a financial transfer for their personal gain, at the company’s expense.
When hackers acquire your account login and password, they will compromise all of your accounts, or at least check which of your accounts use the same password. It's not uncommon for hackers to monitor your accounts for 6 months to build a profile on you and your communication, and to see who else you can give them access to. That's right, attackers use you to find their next victim.
We often see these attacks increase while the C-level executive is away on travel. The travel is often revealed by the executive's own social media posts. Or, if the executive's email account is breached, hackers monitor the travel notifications or check-in alerts sent by airlines.
Protect all C-Level Executives against attacks.
Unlike regular phishing attacks, whaling attacks are decidedly trickier. Hackers are very aware of how to use time pressure to increase the success of their campaigns against your employees.
Attackers rely on the fact employees are too busy to digest each element of an email, whether it’s the language or a fake domain. These hackers exploit busy employees with communications that look real, circumventing any indication of threat. If you are not applying proactive email scanning that mitigates these attacks in real-time, you are opening yourself to attack.
80% of C-Level executives are 80% more likely to be attacked than any other employee.
What’s worse, whaling attacks prey on employees’ anxiety about questioning direct orders from managers. All of your employees need to feel safe to question any action. You will notice these attacks increase in sophistication with Voice Phishing attacks (Vishing). That’s right, hackers are not against using the telephone to ensure their attacks are successful.
It’s common for these attacks to include a significant amount of social engineering Open Source Intelligence (OSINT). This is where the attackers build an in-depth profile of the victim’s online and offline behavior.
What is CEO Fraud?
CEO Fraud is a clever attack where impostors either act under CEO identities or earn the trust of high-profile users for financial gain.
This means that attackers will spoof or compromise the CEO’s accounts. This includes their phone numbers, social media, and email accounts.
In a majority of cases, CEO fraud occurs when attackers phish an executive and secure access to his/her email, or email company employees from a fraudulent domain name that’s very close to the company’s domain (most often a character or letter is off by one or two). Usually, the criminal has used social engineering tactics to understand the business structure of an organization and coerces the exec or employee into a financial transfer.
It’s not uncommon for the CEO’s personal emails to be compromised to provide access to the company systems.
Why Does CEO Fraud Work?
CEO fraud is a sophisticated scam from both technological and social angles. CEO Frauds can be extended to other financial frauds by using the CEO’s credit for credit cards, car loans, mortgages, and store credit cards. These scams are successful because of trust exploitation. A trusted contact doesn’t raise concerns that tell us to be cautious, as these kinds of messages “feel normal.”
Attackers rely on this misplaced trust, constructing messages with certain visual elements and personalized messages, making these exploits remarkably effective and dangerous. Just think about who you trust, and how you instantly trust the communication you receive from this person without any validation that this person sent it. Just because it’s the CEO’s email address or caller I.D. (phone number), the message is trusted.
Attackers may compromise a CEO account and reveal damaging information. This event not only tarnishes a reputation, it innately comes with financial damage. In cases where a CEO falls victim to a fraudulent communication, either disclosing proprietary information or transferring money to an attacker, the results will be catastrophic. There are many companies that will not report this type of fraud due to the fallout that occurs from disclosure.
What is Spear Phishing?
Spear phishing is an email (or communication) impersonating a trusted person like your boss, your CEO, a vendor, a friend, or a colleague. Virtually anyone who uses email is at risk of being exploited by spear phishing. Spear phishing campaigns impersonate anyone with trust. You don’t need a specific title or business.
The attackers want to impersonate you to leverage the domino effect. Who can you give them access to for exploitation? Yes, this damages your own reputation in the process.
What is Brand Forgery?
Brand Forgery is where attackers impersonate your brand or the brand of a vendor that you use. Attackers will use your logo, a domain name from a compromised account, or domain spoofing to pass off email as if it were sent by your organization.
The larger issue with brand forgery is that it exploits the trust you place in other brands. For example, if attackers send you a phishing email that appears to come from Amazon.com about your recent order, you’re likely to open this email and click the links. This means attackers have successfully compromised your accounts.
Some of the most common brand forgeries that occur via email are banks, delivery companies like FedEx, DHL, USPS, Amazon.com, Target.com, Starbucks, Microsoft, and Apple, just to name a few.
What is Business Email Compromise?
Business Email Compromise (BEC) is, unfortunately, a thriving and growing scam globally that targets organizations of any size. It is one of the main categories or classifications of phishing email fraud, and therefore includes all of the crimes where email is the attack vector.
According to the FBI, losses from BEC attacks total billions of dollars per year. Recent reports have stated this loss at $301 million USD per month. But this number is low because it relies on reported crime statistics only. Even the FBI has declared reported crimes are only a small percentage of total losses. Many victims don’t want to report the crime for multiple reasons.
BEC security is now a necessary responsibility of every I.T. department. That’s right; you need someone responsible for email security. It’s not uncommon for this person to have to process 500 or more emails per day because of reported security threats within your company. This is one of the many reasons why ChatFortress provides you with a Virtual Security Analyst to handle this real-time email processing.
The framework for BEC frauds is the same, even though there are variations: an attacker identifies key executives or suppliers and impersonates them, convincing an employee to wire funds, sometimes very large amounts of funds. Their methods for brand forgeries and impersonation are sophisticated and fool even savvy employees.
We have seen a variation of this BEC fraud with grandparents who think they are communicating with a friend of their grandchildren who has been locked up and needs bail money. The supposed friend doesn’t want to tell the parents about it, and that’s why they are communicating directly with the grandparents. Exploiting the grandparents’ trust and love gives this crime a high success rate.
How much can you afford to lose from a BEC attack?
One of the benefits of the ChatFortress Email Guardian Artificial Intelligence is that we are processing over 2 million emails per hour, in multiple countries, languages, and industries, allowing us to spot trends and variations faster than any other solution. Our A.I. learns and adapts to your communication, understanding the contextual relevance of your last 12 months of communication. This is layered with our virtual human security analysts, who provide human validation and reinforcement.
ChatFortress Email Guardian understands that the database of attackers changes daily. However, the framework of communication remains the same for these scams allowing us to detect and mitigate them within 3 seconds of receiving the email.
What is a Zero-Day Attack?
A zero-day attack is an advanced offense that essentially is a ‘new’ not yet reported email scam. Zero-day attacks exploit vulnerabilities that exist within your computer software. This software could be used by your router, modems, website browsers, or operating systems. On average it takes 181 days for these exploits to be patched (fixed) once they are detected.
This means that once a hacker reads a blog post or forum on the dark web that has reported these zero-day vulnerabilities, they have months to exploit them within your system. Months, because they know your I.T. team may not patch it for 181 days or longer. That’s why it’s really important to update your systems as quickly as possible.
Many anti-phishing software products rely on a database of signatures to stop phishing. This renders them defenseless against a phishing attack until a signature for that zero-day attack is developed and deployed. It’s estimated that each month, 1.5 million new phishing sites are created. We estimate this number is low because we can show you how to clone any website for a phishing attack in less than 2 minutes. If we know how to do it I’m certain the hackers can do this as well.
This means that standard phishing protections, like URL blacklists, are of limited utility since the number of URLs to be checked grows so rapidly. The length of time that it takes for a signature to be released for a piece of malware depends on its complexity but typically takes 24-48 hours, whereas the first victim of a phishing attack falls for it within 82 seconds on average.
$1.4 billion is lost to email fraud every year.
ChatFortress Email Guardian leverages our real-time A.I., along with our network of 2,000 human security analysts who are expanding our threat detection databases in real-time. It takes us seconds to detect an attack anywhere in the world. Our system is updated globally to detect and mitigate these attacks across our entire network. This is why ChatFortress Email Guardian provides the protection you need against zero-day attacks while other solutions are waiting for signature-based systems to catch up.
ChatFortress Email Guardian detects Zero-day attacks by scanning Microsoft Office Macros, Malicious Links, Attached PDFs, and embedded codes. This is multi-layered scanning that scans your entire email inbox back in time up to 365 days. That’s right; we are continuously scanning your inbox to catch any malicious emails with delayed activation triggers.
- Microsoft Office Macros - Macros are a feature of Microsoft Office that allows users to automate repetitive tasks. However, Office Macros are extremely powerful and, if allowed to execute, can install malware on a computer. Phishers will create malicious Office documents and attach them to a phishing email that convinces readers to open them and allow macros to run. This is like sending you a document with code hidden inside it that gives the hackers access to your computer at any time of the day.
- Malicious Links - Embedding links within emails is a convenient way for the sender to direct readers to their website to perform an action or receive more information. Phishers create malicious websites that infect visitors’ computers with malware and write phishing emails that convince readers to click on a link to the malicious site. We have noticed that these hackers will combine real links with fake links to bypass detection, but Email Guardian scans every link.
- Infected PDFs - Adobe’s Acrobat Reader is notorious for being prone to vulnerabilities that can be exploited to run code on a computer. Phishers take advantage of this by creating PDFs designed to install malware and attaching these PDFs to phishing emails. The emails will be crafted to convince readers to open the PDF, infecting their computer. It’s common for people to receive PDF invoices, documents, contracts, therefore hackers leverage this common behavior for their own malicious intent.
- Embedded Code - HTML emails allow more individuality in emails by including scripts and style information that enable animations and other functionality. Phishers will include malicious scripts in phishing emails that take advantage of the opportunity to run code on the reader’s computer to install malware.
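The four indicator types in the list above can be checked mechanically. The following is an added example, not ChatFortress code or part of the original post: it walks a message's MIME parts and reports macro-enabled Office attachments, PDF attachments, script tags in HTML, and links whose visible text names a different host than the one they point to. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

MACRO_EXT = (".docm", ".dotm", ".xlsm", ".pptm")  # macro-enabled Office formats
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

class HtmlAudit(HTMLParser):
    """Collects <script> tags and links whose visible text names another host."""
    def __init__(self):
        super().__init__()
        self.findings, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("embedded-script")
        elif tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = DOMAIN_RE.search(self.text.lower())
            real = (urlparse(self.href).hostname or "").removeprefix("www.")
            claimed = shown.group(0).removeprefix("www.") if shown else ""
            if claimed and real and real != claimed and not real.endswith("." + claimed):
                self.findings.append(f"link-mismatch:{claimed}->{real}")
            self.href = None

def audit_email(raw):
    """Return a list of indicator strings for one raw RFC 5322 message."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXT):
            findings.append(f"macro-attachment:{name}")
        elif name.endswith(".pdf") or part.get_content_type() == "application/pdf":
            findings.append(f"pdf-attachment:{name}")
        elif part.get_content_type() == "text/html":
            audit = HtmlAudit()
            audit.feed(part.get_content())
            findings += audit.findings
    return findings

def sample_email():
    """Constructed message: one honest link, one mismatched link, a script, a .docm."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "orders@example.net", "Your recent order"
    msg.set_content("Your order has shipped.")
    msg.add_alternative(
        '<p>Track it at <a href="http://tracking.example.net/login">www.amazon.com/orders</a> '
        'or read the <a href="https://www.amazon.com/help">help pages</a>.</p>'
        "<script>/* constructed */</script>", subtype="html")
    msg.add_attachment(b"PK\x03\x04 constructed", maintype="application",
                       subtype="octet-stream", filename="invoice.docm")
    return msg.as_string()
```

These findings are triage signals for a human reviewer or a quarantine rule, not proof of malice: a PDF or a macro-enabled file can be perfectly legitimate.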
What is Domain Spoofing?
Domain spoofing can be difficult to detect for even sophisticated and cautious users. For example, can you tell the difference between FACEBOOK.com and FACEB00K.com?
This is just one approach attackers use by mixing different letters or numbers with your domain name. Attackers will also use domain misspelling, hyphens, or a different domain type to catch people who don’t check.
Most users trust the authenticity of the email address that they see in the “From” field of emails they receive. Or they scan briefly and may miss a single character in a domain or email address. If an email claims that it comes from the CEO, and the email address is correct, then the recipient trusts the email. However, this field in the email can be forged to make a phishing email appear to come from a legitimate source. The ChatFortress Email Guardian’s intelligent machine learning algorithms prevent spoofing by catching abnormalities in text, fonts, and domain names, even if the threat has not been seen before. This is validated and supported across our entire network of email inboxes, providing real-time monitoring.
But how does ChatFortress Email Guardian prevent spoofing?
- Artificial Intelligence with Machine Learning - That’s right, our Email Guardian scans your inbox and creates profiles on each of your emails and recipients to analyze the context for threats.
- Visual Alert Banners - Email Guardian alerts you to the issue using visual bars. This allows you to pay more attention to the emails that are suspicious. We have found that when we prompt users to think logically and warn them to question the email’s integrity and trust, users reduce the risk of attack.
- Email Header Analysis - Email Guardian analyses every email header automatically, alongside our one-click email reporting button. This allows you to post your email instantly to the Email Guardian team for review. Our team will review the email’s integrity to detect its malicious intent, providing your users with a feedback loop on emails. If the email is malicious, it will be removed from all users’ inboxes instantly.
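The lookalike-domain tricks described in this section (swapped characters such as FACEB00K, hyphens, misspellings, a different domain type) and the "off by one or two characters" domains from the CEO Fraud section can be caught by comparing the sender's domain with the domains you actually trust. This is an added example, not ChatFortress's algorithm or code from the original post; the trusted list, the character-folding table and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation actually trusts (constructed list).
TRUSTED = ("facebook.com", "example-corp.com")
# Digits commonly substituted for letters; constructed and not exhaustive.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(label):
    """Fold look-alike characters and hyphens so FACEB00K and face-book match facebook."""
    return label.lower().translate(FOLD).replace("rn", "m").replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED, max_typos=2):
    """Return (verdict, imitated_domain) for the address in a From header."""
    addr = parseaddr(from_header)[1]
    labels = addr.rpartition("@")[2].lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return ("invalid", None)
    # Assumption: the last two labels form the registrable domain (ignores co.uk-style suffixes).
    name, tld = labels[-2], labels[-1]
    if f"{name}.{tld}" in trusted:
        return ("trusted", f"{name}.{tld}")
    for good in trusted:                      # pass 1: same name once look-alikes are folded
        if skeleton(name) == skeleton(good.rsplit(".", 1)[0]):
            kind = "different-tld" if name == good.rsplit(".", 1)[0] else "lookalike-characters"
            return (kind, good)
    for good in trusted:                      # pass 2: one or two characters off
        if edit_distance(skeleton(name), skeleton(good.rsplit(".", 1)[0])) <= max_typos:
            return ("misspelling", good)
    return ("unrelated", None)

if __name__ == "__main__":
    for sender in ('"Security Team" <alerts@FACEB00K.com>', "billing@face-book.com",
                   "ceo@facebook.co", "hr@facebok.com", "news@mail.facebook.com"):
        print(sender, "->", classify_sender(sender))
```

A "trusted" verdict here only means the domain string matches; because the From field can be forged, it does not show that the message really came from that domain.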
What is Malware & Ransomware?
Over two-thirds of all malware infections begin with an infected email attachment.
This means that the document you are receiving as an attachment could cause your data breach.
Malware infections are a significant threat to organizations, with the cost of a malware attack averaging $2.4 million USD. Malware is malicious software installed on a computer, designed to do damage. This damage could be stealing data, deleting data, or ransomware attacks.
Ransomware attacks have been growing in frequency as more companies are paying the attackers, which results in more attacks happening. Ransomware is now even software as a service. You can hire hackers who, for a fee, will execute the ransomware, and you get paid the resulting ransom payment. That’s right, ransomware is the new business model.
What is Ransomware?
Ransomware is also malicious software that is installed on a computer. It blocks access to computers as well. Ransomware is different from malware in that a criminal announces they are holding your company’s data hostage until you pay them a fee to get it back. Think of this as a digital blackmail.
Ransomware claimed more than 40 USA municipalities as victims of cyberattacks in 2019, from major cities such as Baltimore, Albany, and Laredo, Tex., to smaller towns including Lake City, Fla. Lake City is one of the few cities to have paid a ransom demand — about $460,000 in Bitcoin, a cryptocurrency — because it thought reconstructing its systems would be even more costly. This is one of six misconceptions about cybersecurity.
But what does ransomware have to do with phishing emails?
Phishing emails are the primary delivery mechanism for malware and ransomware. Over 30% of phishing emails are opened by their recipient. 12% of users will either click on a malicious link or open a malicious attachment within the phishing email, potentially infecting their computer and the network with malware. That means right now in your office, someone is opening a phishing email, and the question becomes how you are going to protect them from the fallout.
Emails are the front doors hackers use to steal your data, compromise your system, or execute ransomware attacks.
It’s much more cost-effective for a hacker to send 1 Million emails to see who responds to it than spend hours trying to compromise your network or hardware. People will open emails within 3 minutes of them being sent; this becomes a numbers game for hackers.
Who is ChatFortress
ChatFortress is a leading cybersecurity company that is helping small and medium-size companies protect themselves from hacking attempts, using Cybersecurity AI, gamified cybersecurity awareness programs, and virtual security analysts. Our goal is to help you create a cybersecurity-aware culture.
ChatFortress Email Guardian is the Ultimate Anti-phishing Program as it Detects and Mitigates Email Phishing Attacks in 3 seconds using A.I. Real-Time Inbox Scanning for Phishing Prevention!
We help you verify the device and the person you're sharing wire information with via our secure chat platform. When you need to validate the person you are sending information to, you need ChatFortress communication. To speak with a ChatFortress Agent call (307) 999-7755.
Complete your FREE scan using our Hacked Scan Tool which scans over 11 Billion compromised data records and the darkweb to see if your data has been exposed to hackers. We will tell you exactly which third party services exposed your data and what you can do about it. Complete your free scan now it only takes 30 seconds!