Cybersecurity, Cyber Security, Phishing Email, Phishing

Sophos reports sharp rise in new email phishing scams

Security software company Sophos warns against the emergence of new email phishing scams as it is the most common point of entry for cyberattacks.

The work-from-home arrangements contributed to the increase in the use of email as one among the many cloud-based forms of communications. This development provides an avenue for cybercriminals to sneak malware and exploits into the network to steal credentials and sensitive data.

The latest data from SophosLabs show that in September 2020, 97% of the malicious spam caught by its spam traps were phishing emails, hunting for credentials or other information. The remaining 3% was a mixed bag of messages carrying links to malicious websites or with booby-trapped attachments, variously hoping to install backdoors, remote access trojans (RATs), information stealer or exploits, or to download other malicious files.

IDC MarketScape names Sophos a leader in mobile threat management

Paying ransom twice more costly than data recovery expenses

Phishing is perhaps one of the oldest and most common — and effective — tactic for attackers, as operators behind them continue to refine their skills and enhance the sophistication of their campaigns.

Sophos noted two recent examples on the rise:

Business Email Compromise (BEC): No longer confined to poorly spelled or formatted messages pretending to come from the CEO and demanding the immediate and confidential transfer of significant funds, the latest iterations are subtler and smarter. The attackers are doing their groundwork before launching the attack. They get to know the business and the target executives, adopting their language style and tone, and sometimes even actual email accounts. The absence of malicious links or attachments in such emails makes them difficult to detect with traditional security tools.

Phishing emails without links: These phishing emails bring cloned websites as HTML attachments. The attachment would simply open up the enclosed web page in the comparative safety of victims’ browser’s sandbox and ask them to unwittingly fill-up forms that will send off their data to websites controlled by criminals. Email passwords are among the most valuable credentials for crooks to acquire, simply because many people use their email account for password resets on a multitude of other accounts.

Security tips

The good news is that there’s no need to learn a whole new set of precautions against these new phishing scams. To protect yourself, Sophos recommends avoiding HTM or HTML attachments altogether unless they’re from someone you know and you are expecting them.

Avoid logging in on web pages that you arrived at from an email. If it’s a service you already know how to use — whether it’s your email, your banking site, your blog pages or a social media account – learn how to reach the login page directly. If you always find your own way to your account login pages, you’ll never be tempted by fakes.

Turn on two-factor authentication if you can. Two-factor authentication (2FA) means that you need a one-time login code, usually texted to your phone or generated by a special app, that changes every time. 2FA doesn’t guarantee to keep the crooks out, but it makes your password alone much less useful to them if they do manage to phish it.

Change passwords at once if you think you just got phished. The sooner you change your current password after putting it into a site you subsequently suspect, the less time the crooks have to try it out. Similarly, if you get as far as a “pay page” where you enter payment card data and then realize it’s a scam, call your bank’s fraud reporting number at once.

Use a web filter. A good anti-virus solution won’t just scan incoming content to stop bad stuff such as malware getting in, but will also check outbound web requests to stop good stuff such as passwords getting out. Even in “clickless” attacks, the password exfiltration relies on an outgoing web connection that a web filter could block.