Spear Phishers Are Hijacking Your Trusted Emails


Remember how it used to be safe to click on links in emails as long as you knew that the person/company sending them to you was a trusted sender? We have bad news for you: the game has changed.


Over the summer, cyber criminals discovered a way to buck the system by using legitimate internet sites and services to infect the site’s users with malware. As detailed on Proofpoint’s blog back in July, cyber criminals discovered that they could avoid antispam filters by using PayPal’s “request money” feature. The emails sent from PayPal were sent from legitimate accounts, and the sender (i.e., the cyber criminal) used the note feature to embed a link to “details” about the transaction.


According to Proofpoint, these emails—which were undetectable by spam filters because they were actually sent from PayPal’s platform—were a bit of a “double whammy.” If you weren’t paying attention, you could simply pay the requested amount (usually $100); if you were, you could click on the link and infect your machine with Chthonic, a banking Trojan best known for using keystroke logging to steal banking information.


That particular scam proved to be fairly small, and Proofpoint’s research reported that few people actually clicked on the link that would infect them with the Trojan. The idea behind the attack, however, appears to have taken hold in the cyber criminal community.


Last week, the same tactics were reportedly being used to spread malware—this time through LinkedIn’s messaging platform. According to the KnowBe4 blog, cyber criminals have been creating fake LinkedIn accounts and then sending out connection requests to “boost” the profile’s credibility (this is not uncommon—most of us who use the platform have gotten connection requests from people we don’t know). The account appears to be a Wells Fargo profile, and for every person who accepts this random request, the account gains credibility.


Then, the fake account sends an InMail to a given user (so far, most of these users actually are Wells Fargo account holders). The InMail asks for the user’s Wells Fargo account credentials, claiming that the account holder needs to input their credentials in order to protect his or her account from fraud.


Doing so, of course, will compromise the user’s actual bank account.


Here again, this type of scam uses a legitimate tool—LinkedIn’s InMail feature—to spread malware and perpetrate cyber crime. As with the PayPal attack, the trick of riding a legitimate system is clever precisely because email tools can’t flag the message as spam: technically, it isn’t.
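One check a mail gateway can layer on top of that, as an added example that is not part of the original post: when a message genuinely comes from a platform that lets the sender attach free text (the PayPal “request money” note, for instance), flag any link in the body that points outside that platform’s own domain. The PLATFORM_DOMAINS allowlist and the sample message are constructed, and the code assumes sender authentication (DKIM/DMARC) has already been checked upstream.

```python
"""Flag off-platform links inside authentic platform notifications."""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Platforms whose notifications carry attacker-controlled free text.
# Constructed allowlist for this example; extend to your own senders.
PLATFORM_DOMAINS = {"paypal.com", "linkedin.com"}


def sender_domain(msg):
    """Return the lowercased domain of the From: address, or None."""
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None


def is_on_platform(host, domain):
    """True if host is the platform domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def flag_offplatform_links(raw):
    """Return body URLs that lead away from the platform that sent the mail.

    Messages not from a listed platform are ignored; a spoofed From: is
    assumed to have failed DKIM/DMARC before reaching this check.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    domain = sender_domain(msg)
    if domain not in PLATFORM_DOMAINS:
        return []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return [url for url in URL_RE.findall(text)
            if not is_on_platform(urlparse(url).hostname or "", domain)]


# Constructed sample: a real-looking money request whose note carries a link.
SAMPLE = """\
From: PayPal <service@paypal.com>
To: victim@example.com
Subject: Money request from Example Seller
Content-Type: text/plain; charset=utf-8

Example Seller requests $100.00 USD.
Note from sender: See details here: http://invoice-details.attacker.example/view?id=1
Pay now: https://www.paypal.com/myaccount/transfer/request
"""

if __name__ == "__main__":
    print(flag_offplatform_links(SAMPLE))
```

The platform’s own “Pay now” link passes while the note’s off-domain “details” link is flagged for quarantine or a warning banner.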


In fact, the only way to prevent attacks like this is to ensure that you and the members of your team are educated in the basics of spear phishing. That includes adopting the philosophy of “don’t click if it’s not legit”—meaning, if you don’t know who is sending this and you aren’t expecting to receive something with a link, DON’T CLICK ON IT.


The better course of action? Contact the sender first. If they confirm you should click on the link, then you know you’re in the clear.


Want more advice on training your employees in the art of cyber security? Contact us here.
