As security solutions continue to advance, so too do the techniques that threat actors employ in their attempts to bypass security. As threats continue to develop, it is important to remain vigilant and aware of security trends to build a strong human firewall.
There has recently been a large amount of threat actor activity focused on spear phishing attacks and Business Email Compromise (BEC). These are highly targeted attempts designed to fool specific individuals. Common tactics within this category include spoofing the email address of a colleague or supplier to trick the victim into thinking the attacker is someone they know, or using an account the attacker has already compromised to reach the people in its contact lists. Both rely on the victim lowering their guard because they recognize the email address as belonging to someone they know and trust.
When the victim receives a spear phishing email and engages with the threat actor, they are typically sent a link to visit. A common example is a link to a legitimate service, such as Microsoft Forms, where the form itself contains an additional link. When the victim visits this second website, they are prompted for their credentials, which the attacker is then able to steal. This is why it is critical to be vigilant of all links, attachments, and credential requests you receive.
There are common red flags to watch out for in these emails.
- Check the sender address. Threat actors commonly use spoofing techniques, where the display name on the email shows one name, but hovering your cursor over it reveals the actual address. Look for inconsistencies meant to trick you, such as typos or similar-looking characters, for example an O replaced with a zero (0).
- Look for inconsistencies in the email. Does their vocabulary, signature etc. match their usual writing techniques?
- Be wary of all links and attachments, especially those that you were not expecting. If you receive an attachment that you are unsure of, either report the message to IT or contact the sender via another means, like a phone call, to confirm if it is legitimate.
- Never enter your credentials, such as your password or MFA authentication, after following a link you received in an email, even if it is from a trusted sender.
- If you are ever prompted to enter your credentials online, refer to the URL box in your browser’s window to see if it matches the site you were expecting.
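The sender-address check in the first red flag can also be run automatically over incoming mail, for example in a triage script. The Python below is an added example, not part of the original article; the trusted domains, contact directory and sample headers are constructed assumptions, and the lookalike table covers a few digit swaps beyond the O/0 case mentioned above.

```python
from email.utils import parseaddr

# Constructed assumptions: the organisation's trusted domains and a
# directory mapping display names to the address each contact really uses.
TRUSTED_DOMAINS = {"northwind.example", "supplier.example"}
KNOWN_CONTACTS = {"alice morgan": "alice.morgan@northwind.example"}

# Digit-for-letter swaps used in lookalike domains (O -> 0 and similar).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Fold lookalike characters so 'n0rthwind' and 'northwind' compare equal."""
    return domain.lower().translate(CONFUSABLES)


def check_sender(from_header):
    """Return the red flags found in one From: header value."""
    display, address = parseaddr(from_header)
    address = address.lower()
    if "@" not in address:
        return ["no parsable sender address"]
    domain = address.rpartition("@")[2]
    flags = []
    # A domain that is not trusted but folds to a trusted one is a lookalike.
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(domain) == skeleton(trusted):
                flags.append(f"domain imitates {trusted}")
    # A familiar display name paired with an unfamiliar address is spoofing.
    expected = KNOWN_CONTACTS.get(display.strip().lower())
    if expected and expected != address:
        flags.append(f"display name belongs to {expected}")
    return flags


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Alice Morgan <alice.morgan@northwind.example>",
    "Alice Morgan <alice.morgan@n0rthwind.example>",
    "Alice Morgan <a.morgan.office@mailbox.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no flags")
```

A message that raises either flag still needs the out-of-band confirmation described above before anyone acts on it.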
If you have any questions about further security awareness training measures and techniques, contact the CSOLVE team!
Our friends at the CLH Foundation are once again hosting their Red Carpet fundraising event! This year’s event is happening on April 13 at The King’s Wharf Theatre. This beloved Canadian music series and premier fundraiser features an updated format with a cocktail reception from 7:00-7:45pm, opening remarks, and a live and intimate performance with The Trews Acoustic Trio!
CLH Foundation’s A Red Carpet Concert raises awareness of the great work of CLH Developmental Support Services, and raises funds to support enriched opportunities for CLH-supported adults, seniors, youth and children.
To learn more about the event and purchase tickets: A Red Carpet Concert | CLH Foundation