Scam Of The Week: The Evil Airline Phishing Attack
-
Our friends at Barracuda run their Email Threat Scanner over hundreds of thousands of customer mailboxes and discovered a highly effective phishing attack that tricks a whopping 90% of the victims. You need to tell your users about this right away. This evil airline phishing attack combines all "criminal best-practices" to steal credentials and drop malware on disk which is used to then further hack into your network.
The campaign targets companies that deal with frequent shipping of goods or employee travel, for instance logistics, shipping, or manufacturing, but almost any organization has people that frequently visit customers or business partners.
The phishing attack targets these employees, and the attackers do quite a bit of research before sending the phishing emails. The messages are constructed with subject lines and bodies that include destinations, airlines, and other details that are specific to each victim, helping them appear more authentic. Here is an example subject line:
Fwd: United Airlines: Confirmation – Flight to Tokyo – $3,543.30
"After getting the employee to open the email, the second tool employed by the attacker is an advanced persistent threat embedded in an email attachment. The attachment, usually a flight confirmation or receipt, is typically formatted as a PDF or DOCX document. In this attack, the malware will be executed upon the opening of the document," Asaf Cidon, vice president of content security services at Barracuda, said in a post explaining the attacks.
To start with, send this to all employees, no matter if they travel or not. Feel free to copy/paste/edit:
"There is a new spin on an existing phishing scam you need to be aware of. Bad guys are doing research on you personally using social media and find out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed "From" email address that also looks legit.
"Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into our network.
"Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites. And as always.... Think before You Click!"
What To Do About It
Barracuda recommends the following. (Here at KnowBe4 we call it defense-in-depth but it is the same concept):
"Companies should use a multi-layered security approach to block this type of attack.
- The first layer is sandboxing. Effective sandboxing and advanced persistent threat prevention should be able to block malware before it ever reaches the corporate mail server.
- The second layer is anti-phishing protection. Advanced phishing engines with Link Protection look for links to websites that contain malicious code. Links to these compromised websites are blocked, even if those links are buried within the contents of a document.
- The third layer is employee training and awareness. Regular training and testing of your employees will increase their awareness and help them catch targeted attacks without compromising your internal network."
We could not agree more.
If you want to spend less time putting out fires, get more time to be proactive, and get the things done you know need to be done, step your employees through effective security awareness training. It will help you prevent compromises like this or at least make it much harder for the bad guys to social engineer your users. More than 9,000 of your peers are using KnowBe4.
-
Is there an actual blog link so I can share?
-
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
-
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack
-
A tag seems to be missing on this article as it does not show up here.
-
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack
What makes management respond to one form of blogging in one way and not the other? That reaction should be a security concern. The difference between a blog and a forum is only one of perception.
-
Not horribly targeted if this is the one talked about. This came to an admin email account.
Office 365 spam filters caught this one.
Interestingly, the first link goes to a bad place as expected.
http://kismettic.com.tr/delta/getnum.php?id=NDIyNGpqYWRtaW5AampkcmFpbmFnZS5jb200MDQx
But the second link (with a typo in the visible URL) actually goes to Delta.
https://www.delta.com/content/www/en_US/support.html
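The two link behaviours described in this post, as an added example that is not part of the original thread: a triage check over an HTML mail body that flags links whose visible URL names a different host than the real target, and links whose query string carries a base64-encoded e-mail address. The function names, sample hosts and token are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Link text that itself looks like a URL or bare hostname; group 1 is the host.
SHOWN_HOST_RE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/?#]\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def embedded_email(value):
    """Return the address found in a base64-encoded query value, else None."""
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
        match = EMAIL_RE.search(raw.decode("ascii"))
    except (ValueError, UnicodeDecodeError):
        return None
    return match.group(0) if match else None

def review_links(html):
    """Yield (href, flags) for each link that deserves a second look."""
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        target = urlsplit(href)
        shown = SHOWN_HOST_RE.match(text.strip())
        flags = []
        if shown and target.hostname and shown.group(1).lower() != target.hostname:
            flags.append("display-mismatch")
        if any(embedded_email(v) for _, v in parse_qsl(target.query)):
            flags.append("recipient-in-url")
        if flags:
            yield href, flags

TOKEN = base64.b64encode(b"1234user@example.test567").decode()  # constructed sample
SAMPLE = (f'<a href="http://travel-confirm.example.test/getnum.php?id={TOKEN}">View itinerary</a>'
          '<a href="https://www.airline.example/support.html">www.airlne.example/support</a>')
```

A display mismatch is a triage signal rather than proof: in the post above, the link with the mistyped visible URL resolved to the genuine airline site, while the link that identified the recipient was the bad one.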
-
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack
What makes management respond to one form of blogging in one way and not the other? That reaction should be a security concern. The difference between a blog and a forum is only one of perception.
Sure, but if an individual knows that their boss would prefer blog post A to forum post B, then you give them the blog post instead of trying to convince them that their perception is skewed. That's called "keeping your job 101".
-
@RojoLoco said in Scam Of The Week: The Evil Airline Phishing Attack:
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack
What makes management respond to one form of blogging in one way and not the other? That reaction should be a security concern. The difference between a blog and a forum is only one of perception.
Sure, but if an individual knows that their boss would prefer blog post A to forum post B, then you give them the blog post instead of trying to convince them that their perception is skewed. That's called "keeping your job 101".
Not if security is your goal or educating the boss is important. It's feeding into emotional illogic. Depends if your job is "toe the line" or if you are in security. Given that it is a security post, getting the CEO on board with security is already important.
-
-
If the issue is illogical emotional response, just call it a blog. Because.... it is.
-
@RojoLoco said in Scam Of The Week: The Evil Airline Phishing Attack:
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack
What makes management respond to one form of blogging in one way and not the other? That reaction should be a security concern. The difference between a blog and a forum is only one of perception.
Sure, but if an individual knows that their boss would prefer blog post A to forum post B, then you give them the blog post instead of trying to convince them that their perception is skewed. That's called "keeping your job 101".
It has to do with legitimacy. Sure anyone can build a corporate style website, but it's quite a bit of effort compared to making a post on a forum and acting like an expert. Also, KnowBe4 is a known player and they produce regular, reputable content.
-
@scottalanmiller , wasn't the reason for ML because SW got to be a bunch of home users and managers with no IT knowledge?
-
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@RojoLoco said in Scam Of The Week: The Evil Airline Phishing Attack:
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack
What makes management respond to one form of blogging in one way and not the other? That reaction should be a security concern. The difference between a blog and a forum is only one of perception.
Sure, but if an individual knows that their boss would prefer blog post A to forum post B, then you give them the blog post instead of trying to convince them that their perception is skewed. That's called "keeping your job 101".
It has to do with legitimacy. Sure anyone can build a corporate style website, but it's quite a bit of effort compared to making a post on a forum and acting like an expert. Also, KnowBe4 is a known player and they produce regular, reputable content.
But it was KnowBe4 making the post here. I was taking that into account.
-
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@scottalanmiller , wasn't the reason for ML because SW got to be a bunch of home users and managers with no IT knowledge?
No, not the driving reason.
-
Look at curtis. He has a lot of "cred" when you look at his SW points, but everything he posts is garbage.
-
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@RojoLoco said in Scam Of The Week: The Evil Airline Phishing Attack:
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack
What makes management respond to one form of blogging in one way and not the other? That reaction should be a security concern. The difference between a blog and a forum is only one of perception.
Sure, but if an individual knows that their boss would prefer blog post A to forum post B, then you give them the blog post instead of trying to convince them that their perception is skewed. That's called "keeping your job 101".
It has to do with legitimacy. Sure anyone can build a corporate style website, but it's quite a bit of effort compared to making a post on a forum and acting like an expert. Also, KnowBe4 is a known player and they produce regular, reputable content.
Remember that KnowBe4 is a verified vendor here in ML. So the same kind of verification process that you would have from someone checking a corporate blog.
-
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@RojoLoco said in Scam Of The Week: The Evil Airline Phishing Attack:
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
@mlnews said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Is there an actual blog link so I can share?
https://mangolassi.it/topic/13150/scam-of-the-week-the-evil-airline-phishing-attack/
Believe me I love mangolassi, but sending management to a forum to read a security article, probably won't be as effective as sending them to a blog link.
btw
https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack
What makes management respond to one form of blogging in one way and not the other? That reaction should be a security concern. The difference between a blog and a forum is only one of perception.
Sure, but if an individual knows that their boss would prefer blog post A to forum post B, then you give them the blog post instead of trying to convince them that their perception is skewed. That's called "keeping your job 101".
It has to do with legitimacy. Sure anyone can build a corporate style website, but it's quite a bit of effort compared to making a post on a forum and acting like an expert. Also, KnowBe4 is a known player and they produce regular, reputable content.
But it was KnowBe4 making the post here. I was taking that into account.
Right, but my manager wouldn't have known. That is all I was saying.
-
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Look at curtis. He has a lot of "cred" when you look at his SW points, but everything he posts is garbage.
SW has no cred system. It only has an "activity" system. But I'm unclear what that means in this context. We are talking about the same person posting on one blog or another. Curtis posting on a corporate blog should be considered a joke, being on a corporate blog should not give him any credibility.
-
@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:
@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:
Look at curtis. He has a lot of "cred" when you look at his SW points, but everything he posts is garbage.
SW has no cred system. It only has an "activity" system. But I'm unclear what that means in this context. We are talking about the same person posting on one blog or another. Curtis posting on a corporate blog should be considered a joke, being on a corporate blog should not give him any credibility.
Any legitimate blog would filter his post, before posting it. In a forum all posts can be found and/or linked.