Email Attacks Are On The Rise

April 14, 2023


From Proofpoint’s State of the Phish report:  in 2022, 84% of organizations faced at least one successful phishing attack, and 64% of organizations were hit by ransomware.  12% of Food and Beverage organizations and 10% of Retail organizations failed phishing simulations.

Over the past several months we have been monitoring a noticeable rise in email phishing attacks.  A phishing email is “bait”: it tries to win your trust so that you hand over money, account credentials, your email address book, or other sensitive information.  Phishing emails often appear to come from someone you know.  Unfortunately, the display name attached to an email address, and even the address itself, can be faked so that a message appears to come from someone trustworthy.

One of DilSe.IT’s clients was recently the target of a phishing scam in which the attacker tried to get them to issue payment for tens of thousands of dollars of inventory that had been ordered.  The request looked legitimate and even carbon copied the appropriate decision-makers within the organization.  Luckily one alert user noticed something wasn’t right, stopped the payment process, and then reached out to us.

Upon analyzing the attack we found two important things:

1) The attacker used a “look-alike domain.”  This is a nearly identical, slightly altered domain name registered with the specific intent to deceive.  Cyber criminals register hundreds of look-alike domains each year to impersonate legitimate companies and defraud their customers and partners.

2) The attacker had the email addresses of several management-level employees, most likely obtained by compromising one person who was using a personal email account for business purposes.  If you click a link in a phishing email and enter your password, or open a malicious attachment, an attacker can gain access to your mailbox and your email address book; even replying confirms that your address is live and that someone reads it.  The attacker may then monitor your email traffic for weeks, looking for a way to fool you.  In this case they used a real vendor name, a believable payment amount, and a credible set of people on copy.  In other words, the attacker used the information they had collected to build a very believable request.

Look-alike domains are effective because the human mind doesn’t “read” the letters in familiar words.  We see the word as a whole and anticipate what it says, so we often miss misspellings, extra letters, or missing letters when the brain thinks it already knows the word.  Scammers rely on this behavior to get us to trust a domain.  For example, a scammer would register acehardwares .com in place of acehardware .com, counting on the extra “s” going unnoticed.
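Because people do not reliably spot the extra letter, a mechanical check is worth having.  The following is an added example, not DilSe.IT’s code or part of any product mentioned here: it takes the domain from a From: header and compares it against a list of vendor domains the organization actually pays.  The trusted list, the homoglyph table and the sample headers are all constructed for illustration, and the check goes a little beyond the single misspelling in the text, also catching look-alike character sequences (“rn” for “m”, “vv” for “w”), a trusted domain buried as a subdomain of an attacker’s domain, and a brand name embedded in a longer domain.

```python
"""Added example (not DilSe.IT's code): flag sender domains that resemble a
trusted vendor domain without being it.  The trusted list, the homoglyph
table and the sample From: headers below are constructed for illustration."""
from email.utils import parseaddr

# Assumed: the domains of vendors this organization actually pays.
TRUSTED_DOMAINS = {"acehardware.com", "example-vendor.com"}

# Character sequences that look alike at a glance.  Multi-character keys come
# first so that "rn" collapses to "m" before single characters are touched.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalize(domain: str) -> str:
    """Lower-case a domain and collapse look-alike sequences to their targets."""
    d = domain.lower().strip().rstrip(".")
    for src, dst in HOMOGLYPHS.items():
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance: an insertion,
    deletion, substitution or adjacent transposition each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[len(b)]


def registrable(domain: str) -> str:
    """Last two labels.  Crude: production code should consult the Public
    Suffix List so that 'co.uk'-style suffixes are handled correctly."""
    return ".".join(domain.split(".")[-2:])


def classify_domain(domain: str):
    """Return (verdict, matched_trusted_domain_or_None, reason)."""
    d = domain.lower().strip().rstrip(".")
    if d in TRUSTED_DOMAINS:
        return ("trusted", d, "exact match")
    for t in sorted(TRUSTED_DOMAINS):
        if d.endswith("." + t):
            return ("trusted", t, "subdomain of a trusted domain")
    reg = registrable(d)
    for t in sorted(TRUSTED_DOMAINS):
        brand = t.split(".")[0]
        # acehardware.com.evil-login.net: the real name is just a subdomain label
        if (t + ".") in d:
            return ("lookalike", t, "trusted domain used as a subdomain label")
        # acehardvvare.com: same string once look-alike sequences are collapsed
        if normalize(reg) == normalize(t):
            return ("lookalike", t, "homoglyph substitution")
        # acehardwares.com, acehadrware.com: one or two typing-distance edits away
        if edit_distance(reg, t) <= 2:
            return ("lookalike", t, "within edit distance 2")
        # acehardware-billing.com: brand name padded with extra words
        if brand in reg.split(".")[0]:
            return ("lookalike", t, "trusted brand name embedded")
    return ("unknown", None, "no resemblance to a trusted domain")


def assess_from(from_header: str):
    """Classify the domain of the address in a From: header value."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unknown", None, "no address found")
    return classify_domain(addr.rsplit("@", 1)[1])


if __name__ == "__main__":
    SAMPLE_HEADERS = [  # constructed sample headers
        '"Accounts Payable" <ap@acehardware.com>',
        '"Accounts Payable" <ap@billing.acehardware.com>',
        '"Accounts Payable" <ap@acehardwares.com>',
        '"Accounts Payable" <ap@acehardvvare.com>',
        '"Accounts Payable" <ap@acehardware.com.evil-login.net>',
        '"Accounts Payable" <ap@acehardware-billing.com>',
        '"Some Contact" <info@example.com>',
    ]
    for header in SAMPLE_HEADERS:
        print(f"{header:58} -> {assess_from(header)}")
```

Two caveats a practitioner should keep in mind: the edit-distance threshold of 2 produces false positives for short trusted domains (tighten it, or scale it to the domain length), and the check does not decode internationalized domains, so a punycode “xn--” domain built from Unicode look-alikes needs to be converted with the `idna` codec before it is compared.  The check is a triage signal for a mail gateway or a transport rule, not a replacement for confirming any change of payment details by phone with a number you already have on file.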

DilSe.IT recommends that you never allow employees to log in to their personal email accounts on your company’s computers, tablets, or mobile devices.  As the attack described above shows, personal use of company technology can significantly increase the risk of falling victim to phishing.  Dil Se’s Hosted Business Services platform provides an economical way for retail stores and restaurants to issue company email addresses to all of their employees.  The mailboxes are protected by anti-malware and anti-phishing protection from Proofpoint.  Click here to learn more about DilSe.IT Hosted Business Services. 

If you or your organization would like information about upcoming training on detecting and avoiding phishing attacks, please email us at sales@dilse.it.

At DilSe.IT, our “why” is in our name:  “Dil Se” is Hindi for “With Love” which we deliver in every interaction with our clients.

Click here to read the State of the Phish report.