By Eric Howes, KnowBe4 Principal Lab Researcher.

It will surprise few people to learn that during our daily review of suspicious emails forwarded to us by users of the Phish Alert Button (PAB) we routinely see a large number of emails targeted at employees of financial organizations — banks, credit unions, and other organizations whose business it is to manage financial assets. But malicious actors are happy to take advantage of any organization whose user accounts and networks can be compromised and leveraged for financial gain.

Over the past month we have observed the growth of a cleverly crafted phishing campaign aimed at employees of public school districts and small colleges, including community colleges. In this campaign the bad guys flood organizations with emails purporting to be from a senior figure. These malicious emails typically announce new policies governing employee conduct or a renewed focus in the organization on proper, ethical professional behavior.

Here’s a fairly routine example of one such malicious email:

[Screenshot: phishing email targeting employees of a community college]

A couple of things to note about this email.

  • First, it is directly targeted at employees of a specifically named community college.
  • Second, although not visible in the screenshot above, the email spoofs the President of this community college — a senior figure surely familiar to most employees, if only because they are used to receiving similar organization-wide emails from that person on just this sort of topic matter.
  • Third, also not visible in that screenshot are the graphics used to establish the authority of the email — namely, the institution’s logo and school mascot.

Clearly, the bad guys prosecuting this campaign have done their research and taken the time to craft appropriately officious emails cleverly designed to trade on the authority of the senior organizational figure being spoofed. Although using a differently worded email body, this next email, targeted at employees of a public school district, employs a very similar social engineering strategy:

[Screenshot: phishing email targeting employees of a public school district]

Note the slightly stilted, yet authentically bureaucratic language that one would expect in such an email — language that leads us to believe that the half-dozen or so email bodies used in this phishing campaign have been obtained from real emails harvested by the bad guys from previously compromised email accounts. Subject lines vary, but usually rely on a core set of words and ideas:

  • codes of conduct
  • ethical standards
  • professional guidelines
  • proper workplace behavior
  • rules governing conflicts of interest

Again, employees working within educational organizations — especially publicly funded institutions — will be familiar and experienced with regular discussions of these topics.

These malicious emails deliver attachments — both docs and PDFs — that require users to click through to slickly designed external web pages inviting them to cough up their login credentials:

[Screenshot: malicious attachment prompting the user to click through to an external page]

[Screenshot: external credential-phishing page]

Users gullible enough to hand their credentials over to the bad guys may not even notice anything is amiss, as submission of a username and password whisks users to a web page on their organization’s own web site specifically chosen to reinforce the authenticity of the social engineering scheme.

[Screenshot: publicly accessible page on the organization’s own web site shown after credentials are submitted]

That web page, it’s worth noting, is most certainly NOT password-protected and can be accessed by any member of the public visiting the organization’s web site.
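The pattern described above (a senior figure’s name in the display name but an address outside the organization’s domain, a subject built from the conduct/ethics vocabulary listed earlier, and a doc or PDF attachment) is something a mail-gateway rule or a PAB triage script can score mechanically. The following is an added example, not KnowBe4 code or the campaign’s own artifacts; the executive roster, the internal domain and the two sample messages are constructed for the demonstration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Subject-line themes the post lists for this campaign; matched case-insensitively.
SUBJECT_THEMES = [
    r"codes? of conduct",
    r"ethical standards?",
    r"professional guidelines",
    r"workplace behavio(u)?r",
    r"conflicts? of interest",
]

# Attachment types the campaign was observed to use (docs and PDFs).
RISKY_EXTENSIONS = (".doc", ".docx", ".pdf")

# Constructed roster and domain for the example (hypothetical organization).
EXECUTIVES = ["Jane Doe"]
INTERNAL_DOMAINS = {"example-college.edu"}


def normalise_name(name: str) -> str:
    """Lower-case and strip punctuation so 'Dr. Jane Doe, President' and
    'jane doe' can be compared by substring."""
    return re.sub(r"[^a-z ]", "", name.lower()).strip()


def sender_matches_executive(display_name: str, executives) -> bool:
    """True if any known executive's name appears inside the From display name."""
    name = normalise_name(display_name)
    return bool(name) and any(normalise_name(e) in name for e in executives)


def triage(raw_message: str, executives=EXECUTIVES, internal_domains=INTERNAL_DOMAINS) -> dict:
    """Score one RFC 5322 message against the three campaign indicators."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    subject = str(msg.get("Subject", ""))
    attachments = [part.get_filename() or "" for part in msg.iter_attachments()]

    findings = {
        # Executive's name used as display name, but the address is external.
        "executive_name_external_domain": sender_matches_executive(display_name, executives)
        and domain not in internal_domains,
        # Subject drawn from the code-of-conduct / ethics vocabulary.
        "conduct_themed_subject": any(re.search(p, subject, re.I) for p in SUBJECT_THEMES),
        # Doc or PDF attachment of the kind used to carry the click-through link.
        "doc_or_pdf_attachment": any(f.lower().endswith(RISKY_EXTENSIONS) for f in attachments),
    }
    score = sum(findings.values())
    return {
        "from": address,
        "subject": subject,
        "findings": findings,
        "score": score,
        # Two or more indicators together is the campaign's signature; hold for review.
        "verdict": "quarantine" if score >= 2 else "deliver",
    }


# Constructed sample resembling the campaign: spoofed president, external domain, PDF.
PHISH_SAMPLE = """\
From: "Dr. Jane Doe, President" <president.office@example-mail.net>
To: staff@example-college.edu
Subject: Updated Code of Conduct and Ethical Standards for All Staff
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="utf-8"

Please review the attached policy and confirm receipt.

--XX
Content-Type: application/pdf; name="Employee_Conduct_Policy.pdf"
Content-Disposition: attachment; filename="Employee_Conduct_Policy.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XX--
"""

# Constructed legitimate message from the same executive on the internal domain.
LEGIT_SAMPLE = """\
From: "Dr. Jane Doe" <jdoe@example-college.edu>
To: staff@example-college.edu
Subject: Board meeting agenda for Thursday
Content-Type: text/plain; charset="utf-8"

Agenda attached to the shared calendar event.
"""

if __name__ == "__main__":
    for sample in (PHISH_SAMPLE, LEGIT_SAMPLE):
        print(triage(sample))
```

Running the block prints a quarantine verdict for the constructed phish (all three indicators) and a deliver verdict for the internal message. The display-name check is deliberately a substring match after punctuation is stripped, because the campaign pads the name with titles; the domain comparison, not the name, is what separates the spoof from the real president.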

Once inside an organization malicious actors can wreak all kinds of mayhem (think ransomware). They may also elect to play a longer game by sticking to the shadows, quietly exploiting the organization’s computer resources (think processor intensive crypto-mining bots or sophisticated trojans used to harvest confidential data and gain access to financial tools).

If your organization’s business lies outside the financial industry, you shouldn’t think for a minute that it is safe from professional-grade phishing campaigns. Malicious actors have developed a wide repertoire of fraudulent schemes and tools to exploit even “boring” industries like education. Make sure that your employees are equipped not only with a healthy understanding of your organization’s professional code of conduct, but with the critical skills necessary to spot malicious emails and shut down a potential breach of your organization when the bad guys come knocking.

Do your users know what to do when they receive a suspicious email?

Should they call the help desk, or forward it? Should they forward it to IT, including all headers? Or delete it and not report it, forfeiting a possible early warning?

[Screenshot: Phish Alert Button in Outlook Mobile]

KnowBe4’s Phish Alert Button now also works with Outlook Mobile for iOS and Android. This enables your users to report suspicious emails not only from their computer but from their mobile inbox as well.

(If you’re running Office 365 and want to give your end users the ability to report suspicious emails from their mobile inbox, you can enable the official Outlook Mobile app for iOS or Android directly from the KnowBe4 console.)

The Phish Alert Button gives your users a safe way to forward email threats to the team for analysis and deletes the email from the user’s inbox to prevent future exposure. All with just one click!

Best of all, there is no charge!

  • Reinforces your organization’s security culture
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user’s inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

This is a great way to better manage the problem of social engineering. Compliments of KnowBe4!

Get your Phish Alert Button

If you do not like to click on buttons with redirects, here is a link you can cut and paste into your browser:
