Email Security Blog

Election Themed Phishing Email

Phishing — the use of email to trick someone into compromising their credentials, financial assets, or valuable information — is an ever-evolving business for hackers. As the pointy tip of the spear for massive and damaging exploits, phishing has a special place in the evil hearts of cybercriminals. It goes like this: The black hats (a.k.a. cybercriminals) find a way to trick the inhabitants (a.k.a. all of us). Then, the white hats (usually in the form of security specialists) figure out a way to mitigate it. The black hats create a workaround to fool the white hats' defenses, and the white hats catch up again. And so it goes for operators of secure email gateways. In the world of INKY, we live and die by stopping phishing attacks before the fact. How do we do it? By staying one step ahead of their authors.

Hackers are always in need of new ways to dupe the unsuspecting target, and one ready source of fresh trickery is the daily headlines. As the public’s attention lurches from one font of anxiety to the next, the phishers follow. The general focus of many recent attacks has been on the various ways in which COVID-19 has impacted everyone’s life. But the details matter. Each new wave of phishing lures uses a spin on a specific facet of the COVID-19 experience. Mostly made out of components already in circulation on the dark Web, the probes are tailored to suit the meme of the moment.

Thus, in April, phishing attackers sent extremely realistic emails impersonating President Donald Trump. In this particular phishing scam, the President was supposedly advising citizens on matters relating to virus safety, quarantine, and tax policy. In reality, as INKY discovered, these poisonous phishing emails were coming from Russia and led victims to a Website that injected malware into the computer of anyone who clicked all the way through. You can read about that wave of assaults in more detail here.

Then, there were the stimulus-check phishing scams. What enterprising phisher can turn down an opportunity to meddle when people are confined to their homes, forced to do transactions online, and anxious about money, particularly when $2 trillion is flowing through the banking system? The exceptionally well-crafted phishing emails appeared to be coming from the Federal Reserve System. In reality, they led to a Website with a convincing-sounding URL, listed "participating" banks with real logos, and showed many other fine details that the hacker pulled from the sites of the U.S. Paycheck Protection Program (PPP), the Federal Emergency Management Agency (FEMA), and the Center for Disease Control (CDC) so as to convince the recipient that the message came from a legitimate source. INKY stopped that one, too. More reading on it can be found here.

In the most recent batch, the tone and tenor of these headline-oriented phishing attempts shifted to the U.S. election. It was certainly a highly anxious time for most Americans, and one saturated with misinformation...which is the perfect camouflage for enterprising phishers ready to unleash a sea of phishing emails. INKY immobilized an election phishing attempt that originated in Taiwan, saving clients from even having to wonder whether the realistic pitch was real. Part of an account-takeover attack, in which a legitimate but compromised email account was used as a launching pad, the phishing email employed a "conversation hijacking" technique, where phishers take details from stolen emails to create context that allows them to insert themselves into business conversations, potentially tricking recipients into clicking on links or attachments. Once a beachhead is established through a phish that landed, the black hats can get down to work intercepting valuable data or payments.

Also seen by others in the wild, this election attack shared a known malware attachment with the file name ElectionInterference_1389293626.zip. Inside this zip file was an Excel spreadsheet with poisoned cells containing harmful macros.
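For defenders triaging attachments like the one described above, the following added example (not INKY's code, and not from the original post) opens a zip attachment in memory and reports which Excel members carry macro indicators. The part names it checks (`vbaProject.bin`, `xl/macrosheets/`) are general Office Open XML conventions assumed here rather than details from this campaign, and the sample input is a constructed, harmless stand-in.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls compound-file header
EXCEL_EXT = (".xls", ".xlsm", ".xlsb", ".xlsx", ".xltm", ".xlam")

def macro_indicators(data: bytes) -> list[str]:
    """Return macro indicators found in one Excel file's bytes."""
    if data.startswith(OLE_MAGIC):
        return ["legacy OLE workbook (macros need an OLE parser to rule out)"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as ooxml:
        for part in ooxml.namelist():
            lower = part.lower()
            if lower.endswith("vbaproject.bin"):
                hits.append(f"VBA project: {part}")
            elif lower.startswith("xl/macrosheets/"):
                hits.append(f"Excel 4.0 macro sheet: {part}")
    return hits

def triage_zip_attachment(zip_bytes: bytes, max_member=20 * 1024 * 1024) -> dict:
    """Map each Excel member of a zip attachment to its macro indicators."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith(EXCEL_EXT):
                continue
            if info.flag_bits & 0x1:  # bit 0 set means the member is encrypted
                findings[info.filename] = ["encrypted member (cannot inspect)"]
            elif info.file_size > max_member:  # refuse oversized members
                findings[info.filename] = ["too large to inspect"]
            else:
                findings[info.filename] = macro_indicators(archive.read(info))
    return findings

def build_sample() -> bytes:
    """Constructed stand-in attachment: zip -> .xlsm with placeholder parts."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Report_sample.xlsm", inner.getvalue())
        z.writestr("readme.txt", "not inspected")
    return outer.getvalue()

print(triage_zip_attachment(build_sample()))
```

An empty indicator list for a modern workbook means no macro parts were found by name; it is a triage signal, not proof the file is benign.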

And, of course, there is little doubt that the next lot of phishing threats will be related to the coming bout of stimulus being negotiated right now between Congress and the White House. It's a wave of phishing emails that is likely to feature prominent big bank logos, official-looking government documents, and lots of urgency, lest the recipient miss out on all the cash that’s going to be handed out.

Thankfully, INKY is already gearing up for this next round in order to protect its clients. Bestowed with a unique intelligence and guided by unprecedented vision, INKY is the new solution in the war against phishing. Unlike most anti-phishing tools, INKY uses a complex combination of computer vision, artificial intelligence (AI), and machine learning to identify phishing attempts most systems miss, spotting imposters even if they’re off by only a pixel. Thanks to INKY alert banners at the top of emails, your employees will have the assistance they need in avoiding scams and they’ll learn what to be on the lookout for. It’s employee learning and remote-worker protection all in one — keeping your organization safe.
