Safer Internet Day 2019

Today is World Safer Internet Day 2019 #SID2019. This year's theme is "Together for a better internet", and it encourages everyone to develop four critical skills, called the four Rs: Respect, Responsibility, Reasoning and Resilience.


#saferinternetday is also a good opportunity to learn. Recently, there has been a spate of Phishing and Vishing scams doing the rounds, and I thought it was a great time to share some of the scams we've recently come across.

Phishing Scams

We detected a good one yesterday when a staff member received an email like the below:


Looking up Egnyte, it is a real service; in fact, it's an enterprise file sharing service used by some of the biggest companies around the world. The sender (sender name) was known to the staff member as well, and the sender address was legitimate in that it was generated from the Egnyte platform.


The staff member also uses the services of Dicker Data, and the URL for the link is indeed their Egnyte service.

All looks legit, right? After detonating the email in a sandbox, we confirmed that the URL is legit and takes you to a shared file/link. That shared link, however, takes you on to a site that harvests credentials and personal data and also hits you with a drive-by malware attack. Luckily Google was one step ahead and had also instigated a block.


So what actually happened? This is a common method used by attackers. They compromised a user's legitimate account at this organisation (in this case Egnyte), which could have happened through "Credential Stuffing" (password reuse) or another method, and used that file sharing account to distribute a payload to the victims.

The attacker would have leveraged either contacts in their address book, if part of a larger breach including OWA, or the address book in Egnyte for the victim, to send out the phish to all of their contacts. Sophisticated, right? Phishing attacks continue to become more and more sophisticated.

After we received the email, we contacted the organisation and they did their bit, cleaning up the compromised Egnyte account. The link is now offline.

A tough one to spot, but with regular awareness training and Phishing of your staff, they too will be able to pick up this Phish like our staff member did. He was not expecting a file share via Egnyte and so knew to notify us right away. We have a great solution called Cyberaware which does exactly that: it provides online training and phishing for your staff. For more information please contact us.

Another Phish doing the rounds is the usual Telstra one. We saw these a lot last year and they continue this year. Here is an example of a recent Phish I received:

tesltra.png

It had a lot of common indicators of a Phish:
  • Used the fake email address as the sender name to look legit
  • Used a long email address to hide the real domain from view
  • Email address uses a different, non-Telstra domain flagged as malicious
  • All links in the email go to a shortening service (in this case t.co) which redirects the target to a fake Phishing site designed to harvest payment details
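
The indicators listed above can also be checked mechanically at the mail gateway or in triage. The following is an added example, not part of the original post: the brand domain list, shortener list, length threshold and sample message are assumptions constructed for illustration, and the "flagged as malicious" reputation lookup is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: the brand's own domains, a small shortener list,
BRAND_DOMAINS = {"telstra.com", "telstra.com.au"}
SHORTENERS = {"t.co", "bit.ly", "tinyurl.com"}
LONG_ADDRESS = 40  # and a threshold for "long enough to hide the domain"

def host_matches(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phish_indicators(raw):
    """Return the set of indicators from the list above found in a raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    found = set()
    # 1. Display name is itself an email address that differs from the real sender.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr.lower():
        found.add("address_in_display_name")
    # 2. A very long address pushes the real domain out of view.
    if len(addr) > LONG_ADDRESS:
        found.add("long_address")
    # 3. Sender domain is not one of the brand's own domains.
    if not host_matches(domain, BRAND_DOMAINS):
        found.add("non_brand_domain")
    # 4. Every link in the body points at a URL shortener.
    body = msg.get_payload()
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    if hosts and all(host_matches(h, SHORTENERS) for h in hosts):
        found.add("all_links_shortened")
    return found

# Constructed sample message (not the email from the post).
SAMPLE = """\
From: "billing@telstra.com" <account-services-notification-billing-0019283@mail.example.net>
To: user@example.org
Subject: Your bill is ready

Your payment failed. Update your details: https://t.co/AbCdEf
View your bill: https://t.co/GhIjKl
"""

if __name__ == "__main__":
    print(sorted(phish_indicators(SAMPLE)))
```

No single indicator is conclusive on its own; a message that trips several of them together is a strong candidate for quarantine or manual review.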

Vishing

Another big scam doing the rounds at the moment is a Vish (voice and phishing) purporting to be from the Australian Taxation Office (ATO). It advises the person that they have committed a tax fraud offense, that criminal action is being taken against them, and that they should call a number. The voice is an automated robot voice and the calls come from a myriad of different numbers, so it's hard to track down and block. I received calls from the following numbers:
  • 0488828578
  • 0872001347
  • 0280912934
  • Private blocked number

As you can see, they come from two different states, as well as mobile and blocked numbers. If I don't know the number I normally screen the call. If it's a legit number/call, they will leave a message and I'll call them straight back.

Even answering one of these calls is basically telling the attackers that your number exists and that you answer. Calling the number will take you through to a scammer who tries to harvest your personal info and get you to make a payment to them by giving out your credit card details.

Speaking to others, it's clear countless people are receiving these scam calls at the moment, and they should be ignored.

I’ve attached one of my voicemails below so you know what to look out for:



Please continue to be aware and look out for these scams and phishes doing the rounds and support Safer Internet Day 2019. Let’s all do our bit to make the internet a safer place for us all.