Protect Your Company from Emails Intended to Compromise Sensitive Information

This week, security vendor Palo Alto Networks reported their discovery of a malicious email campaign that disguised dangerous malware behind seemingly innocent voicemail attachments from a would-be reporter. When the user clicks the attachment to play the voicemail, files are downloaded secretly onto the device, allowing hackers to access sensitive personal information.

spear phishing

Palo Alto Networks has determined that the architects of this social engineering campaign are likely the threat actors CozyDuke/CozyCar, who in the past have commonly used legitimate and recognizable websites for “spear phishing“, a form of hacking that is disguised in emails sent from parties likely to be familiar to the user, but that in reality contain dangerous malware intended to steal sensitive information.

Spear phishing campaigns are a legitimate threat to information security for both individuals and businesses, and exhibit the following key characteristics:

  1. The email appears to be sent from a person or company that is familiar to the intended victim.

Whether it’s a friend’s name taken from your public Facebook profile, or a reporter with the newspaper’s email address, the sender’s credentials should be determined before opening any sent attachments.

  1. The email’s message is likely generalized, but urges the user to open the attached file.

If the message contains no information specific to either party, remain suspicious of any attached files.

  1. Threat actors like CozyDuke pose a serious threat to information security.

According to tech company Symantec, CozyDuke and others like them have compromised major corporations and even levels of government by using social engineering campaigns in the past.

  1. To protect against spear phishing, knowledge of social engineering and how to prevent it is highly important.

Dangerous emails can be identified with the right knowledge and security measures, but without proper training or secure systems, spear phishing remains an effective way for hackers to access sensitive information.

To stay protected from social engineering tactics such as spear phishing, ensure your business has proper awareness and ability to prevent victimization. For more information on social engineering protection, contact OffSite IT at (866) 828--6674 or email: info@offsiteIT.com

Alexssa

I first hired John directly as an employee back in 1999.
He was an excellent addition to a growing team at a small technology company. Subsequent to the sale of the company, John branched out on his own and started an IT consulting firm. Since that time, I have not used anyone else. John is capable, personable, has integrity and is also very likable. I would recommend him without reservation.”

  Kevin DiCerbo   

Connect With OffSite IT

  • Los Angeles / Orange County 22607 La Palma Avenue Suite 409 Yorba Linda, CA 92887
  • Chicago 6912 Main Street Suite 214 Downers Grove, IL 60516
  • 1-866-828_-6674 info@offsiteIT.com