Cyber Heads-Up: Week of July 29th

Posted in: Resources » Cyber Heads-up

Good morning!

This week, we’ve got a doozie for you. As usual, the bad guys are busy trying to find their next way into a system they don’t belong in. Read on to find out more about them, and our take on what exactly is going on.

Alert 1: Microsoft OneNote Audio Note Phishing Emails 

Overview

Original article here

Phishing scammers are coming up with more innovative methods to convince their targets to provide login credentials. Such is the case with a new OneNote Audio Note phishing campaign that is currently underway.

Bleepingcomputer reported that: “This campaign comes in the form of an email with the subject “New Audio Note Received” and claims that you have received a new audio message from a contact in your address book. In order to listen to the message, though, you will need to click on a link to listen to it. 

Of particular interest is that the phishing scammers are now commonly including footer notes stating the email is safe as it was scanned by a security software. In this case, the email states it was “Scanned by McAfee Ultimate 2019 Antivirus Scanning Service for Microsoft”. 

For Microsoft accounts and Outlook.com logins, it is important to remember that Microsoft login forms will just be on microsoft.com, live.com, microsoftonline.com, and outlook.com domains only. If you are presented with a Microsoft login form from any other URL, avoid it and only use your normal bookmarks to go to these sites.

Assura’s Take:

In the field, phishing campaigns are not only on the rise, but their sophistication and complexity continues to improve. Over 40% of all security incident are caused by successful phishing emails and other social engineering campaigns. Assura recommends that all organizations train staff members in Information Security basics to strengthen their “human firewall”. These classic signs are helpful in identifying a potential phishing attempt:

  • Misspellings throughout;
  • Unknown email addresses or domains; and
  • Odd requests at odd times of day.

Additionally, we recommend that IT staff configure email systems to mark emails in a conspicuous manner that originate from outside of your organization. There are several ways to do this including prepending a marking such as “[External Sender]” to the subject line of emails. If staff are educated to question any email from outside the organization, especially those that appear to be from an executive, this will greatly reduce the organization’s vulnerability to phishing. Finally, In the case of the above, phishers are attempting to exploit trust through stating the emails have been scanned and approved for view. If your organization isn’t using this type of service, it is important to communicate to your users that this is an obvious sign for phishing attempts. As with any phishing attempts, training and education are the strongest mitigating controls. If you are a Virtual ISO™ Defender or Guardian client, please do not hesitate to reach out to your VISO for guidance about the best way to accomplish these recommendations.

Assura Virtual ISO™ Defender and Guardian as well as Managed Security Awareness and Training clients are already receiving security training and awareness campaigns for their end users.

If you have additional questions about this threat or methods to mitigate it, please contact us at [email protected].

Sincerely,

The Assura Team

Wrap Up:

With phishing scammers on the rise with new and better techniques, now is the time to take action with your own business’s cyber security policies, systems, and employees. It’s not if you’ll get hacked anymore, it’s when you’ll get hacked. You can take steps to prevent it. If your organization needs further guidance on how to handle phishing scam emails, please contact your Assura vISO, point-of-contact, or call us Toll Free at 855-9NOHACK.