Phishing Campaigns

WHAT IS A PHISHING CAMPAIGN

A phishing campaign is series of emails designed to manipulate people into either giving up specific information or carrying out an action.

Cyber criminals often use phishing techniques to manipulate victims into giving up specific information, such as login credentials, credit card data and personal identifiable information (PII). It is also a common vector for malware delivery and CEO fraud, the phishing emails tend to be from a seemingly trustworthy organisation or reputable staff member.

Phishing and in general social engineering attacks are the platform for the majority of breaches. They tend to be the preferred delivery method for a majority of malware infections and are associated with a large proportion of corporate system breaches.

91% of attacks by sophisticated cyber criminals start through email

MIMECAST, https://www.mimecast.com/solutions/email-security/spear-phishing

Unfortunately, for most businesses, their employees are the weakest link in their security posture. However, they can be one of the strongest tools you have at identifying attacks on your organisation.

Using similar techniques as the threat actors, Laneden can show the risks associated with phishing emails and help build a program of works to educate your employees and help them identify the attacks before they become breaches.

Laneden can provide an on-site debriefing of the campaign findings explaining how attackers could potentially gain control of your systems or/and exfiltrate data.

A comprehensive report is written containing an executive summary which gets right to the point of the associated risks. It is consumable by anyone in the organisation regardless of their technical background.

Along with enough detail to allow you to not only understand the attacks but also concise and clear guidance on how to remediate relevant concerns, and help your employees identify future phishing attempts.

CEO fraud is now a £9 billion a year scam

PURPLESEC, https://purplesec.us/resources/cyber-security-statistics/

Methodology

Laneden's assessment methodology can be broken into six phases;

Pre-engagement
Laneden will work with you and your organisation to understand your drivers and build a statement of works that meets your requirements.

Intelligence Gathering
Utilising similar techniques as those used by threat actors, Laneden uses OSINT (open-source intelligence) to collect as much information pertaining to your organisation as possible from publicly available sources. This information could be very valuable to would-be attackers.

Vulnerability Analysis
A vulnerability assessment is undertaken on your organisation's external infrastructure; this would equate to any corporate systems that are publicly accessible. The information is collated then analysed to build potential attack vectors.

Exploitation
Valid targets are selected, and exploitation paths derived, pretexts are created, and the true attack is engaged.

Post Exploitation
If access is gained to any corporate systems, it is potentially possible for the engineer to gather more information and look for security concerns that could lead to further compromise within your network. The lead engineer assigned to the engagement would contact the organisation before the exploitation phase moving any further (if not already agreed as part of the Pre-engagement).

Reporting
A comprehensive report is crafted, containing an executive summary which is consumable by anyone in the organisation regardless of the technical background. Clear and concise information describing each issue to hand along with enough technical information to remediate any issues identified.

Technical references are provided when relevant, allowing you to gather more information if required. Each vulnerability is put into context and given a risk-based score. Utilising CVSS 3 scoring and relevant context you can get a real picture for each risk and what they mean to your business and customers.

Deliverables

Our consultants engage with the client to discuss the scope and make certain all is in order before the assessment beginning

Communications at the beginning and end of each day of the engagement, confirming the plan of action for the day or if the engagement has paused for the evening

On-going communications from the engagement consultant, highlighting any major concerns as they come across them

A comprehensive report is crafted containing an executive summary which is consumable by anyone in the organisation regardless of their technical background

Clear and concise information describing each issue to hand

Technical references are provided when relevant, allowing your team to gather more information on the vulnerability if required

Each vulnerability is put into context and given a risk-based score, utilising CVSS 3 scoring and relevant context you can get a real picture for each associated risk

Simple remediation advice, advising what is required to remediate the relevant vulnerability

FREQUENTLY ASKED QUESTIONS

WHAT IS PHISHING

Phishing emails are generally sent to a large number of individuals simultaneously in an attempt to either make monetary gains or gather or "fish" sensitive information such as credentials, personally identifiable information and payment details. The cybercriminals tend to pose as a reputable source such as a supplier, colleague or some other trusted third party.

The emails often come fully loaded with legitimate-looking logos, signatures and contact details. Common examples of monetary gain emails seemingly come from banks, payment service providers such as PayPal, couriers such as DHL, Royal Mail, DPD etc., credit card providers, eBay and CEO Fraud.

WHAT IS CEO FRAUD

CEO Fraud is a scam in which cybercriminals spoof or take control of corporate email accounts and impersonate executives to try and fool unsuspecting employees into making payments or sending other confidential information to the attackers.

According to Action Fraud, the largest payment made to fraudsters was £18.5 million; however, the average loss is £35,000. Out of the £32 million reported losses since 2015, only a total of £1 million has been successfully recovered.

WHAT IS SPEAR PHISHING

Spear phishing attempts tend to be far more focused phishing emails and only go to a single individual or at most, a handful of individuals. In these instances, the cybercriminal is likely looking to gain specific information, potentially information to aid in further attacks. Cybercriminals have all the time in the world to gather data on your organisation, and the publicly available information can be very useful to attackers.

WHAT IS WHALING

Whaling as it is known, tends to be a more specific spear phishing attempt. These attacks are generally on the likes of corporate executives such as the CEO, CTO or CMO. These attacks are usually undertaken for monetary gains however they could very well be attempts to gain other sensitive information.

HOW TO SPOT A PHISHING EMAIL

Identifying phishing attempts can be achieved with reasonable ease, it just takes some know-how and practice. The processes of reporting the threat to your organisation and employees requires foresight and planning. An efficient structured approach to dealing with these threats is somewhat of a requirement or all your efforts would have been in vain.

Consider the following high level questions when reading your emails.

DOES THE COMPOSED EMAIL SEEM AT ALL ODD FROM THIS PARTICULAR PERSON?
Does the email seem out of place for any reason at all, is it being sent at a peculiar time, or are there obvious grammatical mistakes? These should raise red flags, if you are at all in any doubt. Contact the person out of band, If you received an email contact them via their phone number (if you have a record of one) never reply to the email received or use any contact details given in the email.

IS THE SENDER EXPECTING ANY ACTION ON YOUR PART?
If the sender is expecting a payment to be made or for specific links to be followed you should confirm the links by hovering over them and comparing the URL and link text visually. Do they match exactly? Any mismatch could be an attempt at deception all link should have their status checked via free services such as VirusTotal. Any positive malicious results should raise alarm.

DO YOU RECOGNISE THE DOMAIN NAME OF THE SENDER'S EMAIL ADDRESS (read it carefully)?
Look up the domain name via services such as DomainTools. This will show you the Registrar details, do they match your expectations of the sender address? Is it a newly registered domain? The colleague that sent you the email works with you and uses the same mail provider, so this should match your own domain look up, compare them.

WHAT CAN WE DO TO PROTECT OURSELVES AND OUR ORGANISATION FROM PHISHING

The weakest link in the majority of organisations is, unfortunately, their employees. They can, however, become the strongest tool in your arsenals at defending against these fraudsters. Defending against phishing type attacks is achieved in layers, the most effective measure in the layered approach, is education. It is paramount that employees are taught to understand social engineering vectors such as phishing and what to look out for in communications. Your organisation should have a process for verifying the legitimacy of requests and reporting potential fraudulent ones.

Defence In Layers
Employee education around CEO Fraud, phishing and other social engineering vectors

Defined process for authenticating requests and reporting potential phishing attempts

Multifactor authentication on any publicly accessible portals (such as email)

Ensure computer systems are secure and regularly patched

Understand what information is publicly available concerning your organisation

A competent antivirus solution should be installed on all corporate systems

Understand what information is publicly available in relation to your organisation

A competent antivirus solution should be installed on all corporate systems

View All Our Services

Get In Touch

Laneden - A Cyber-Security Company | Penetration Testing Services | Social Engineering Security Services | Ethical Hacking Services

Laneden - A Cyber-Security Company | Penetration Testing Services | Social Engineering Security Services | Ethical Hacking Services

0800 043 6967