
Does Our Technician Get Paid in May?

At Nimblr, we work to develop the world’s best IT security training for end users. With regular micro-courses and simulated phishing emails, we develop security awareness and resilience among our clients’ employees. But what happens when one of our own employees is exposed to advanced spear-phishing? 

Update your payroll account
On a sunny day late in May, Nimblr’s HR manager, Caroline, decided to work from home. With heavy traffic and children leaving school earlier than usual, Caroline sometimes chooses to work from her home office. On this day, a relatively ordinary email landed in Caroline’s inbox. The email appeared to be from a colleague, Gabriel, a support technician who works in the same office as Caroline. Gabriel had a simple question; he had switched banks and asked Caroline to update his account number so that his upcoming monthly salary would be credited to the correct account.

The sender of the email had used Gabriel’s correct first and last name, and even signed off with the correct title, ‘Technical Support Specialist’. There was nothing particularly strange about either the email or the request.

Practice makes perfect
Instead of updating Nimblr’s payroll system with the new account number for the May payroll, Caroline became suspicious. Like everyone else at Nimblr, Caroline participates in the automated training program, the same system that Nimblr delivers to its customers. Thanks to our regular Security Awareness training and simulated phishing exercises, the attack was halted here. Gabriel’s salary will be paid, to the right account, in May as well! 

The email Caroline received was a spear-phishing message sent from a newly created Gmail account. It carried no malware, attachments or links, only a plausible request in plain text. That is the classic payroll-diversion pattern: a message with nothing to scan sails past filters that key on URLs and attachments, and it could have put an end to Gabriel’s intended Friday fun by sending his salary to a scammer.

Phishing a phisher
After Caroline reported the incident to our security officer, we decided to continue the dialog with the attacker and gather more details about the modus operandi. The new account number was never mentioned in the initial email, presumably to reduce the risk that recipients who were not fooled would report the account number to the bank, which could then block it. We replied to the fake email, explaining that it would be no problem to update the account number, just send the details to us. We quickly received a reply back, containing an image of a document with the account number where the attacker wanted us to continue sending Gabriel’s salary. Now we were able to report the account number to the bank and hopefully stop any fraudulent payments to the account.

Most likely, the attacker sent the account details as an image to bypass email filters: keyword and data-loss rules match on text, so an account number typed into the body can be caught by a pattern rule, while the same number inside a picture of a document is invisible to them unless the filter runs OCR.
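The signals in this story (a display name that matches an employee but a free webmail sender, payroll-change wording, no links, and an image attachment in the follow-up) can be turned into a simple triage check. The code below is an added example, not Nimblr’s own code; the company domain, the employee directory entry and the two sample messages are constructed for the example, and the PNG bytes are a placeholder, not a real image.

```python
"""Triage heuristics for the payroll-diversion pattern described above.

Added example with constructed sample data: COMPANY_DOMAIN, the DIRECTORY
entry and both messages are assumptions, not real Nimblr data.
"""
from email.message import EmailMessage

COMPANY_DOMAIN = "nimblr.example"            # assumed, not the company's real domain
FREEMAIL_DOMAINS = {"gmail.com", "googlemail.com", "outlook.com", "hotmail.com",
                    "yahoo.com", "icloud.com", "protonmail.com"}
# Assumed employee directory: lower-cased display name -> corporate address.
DIRECTORY = {"gabriel nilsson": "gabriel.nilsson@nimblr.example"}
PAYROLL_TERMS = ("account number", "bank account", "payroll", "salary",
                 "direct deposit", "iban", "switched banks")


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def analyse(msg: EmailMessage) -> dict:
    """Return the suspicious signals found in one message."""
    findings = []
    sender = msg["From"].addresses[0] if msg["From"] else None
    display = sender.display_name.strip().lower() if sender else ""
    addr = sender.addr_spec.lower() if sender else ""
    domain = _domain(addr)

    if domain in FREEMAIL_DOMAINS:
        findings.append(f"sender domain {domain} is free webmail, not {COMPANY_DOMAIN}")
    expected = DIRECTORY.get(display)
    if expected and expected != addr:
        findings.append(f"display name matches an employee but address is {addr}, expected {expected}")
    if msg["Reply-To"]:
        reply_domain = _domain(msg["Reply-To"].addresses[0].addr_spec)
        if reply_domain != domain:
            findings.append(f"Reply-To domain {reply_domain} differs from From domain {domain}")

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    hits = [t for t in PAYROLL_TERMS if t in body]
    if hits:
        findings.append("payroll-change language: " + ", ".join(hits))
    # The account number arrived as a picture of a document, invisible to text filters.
    images = [a.get_filename() for a in msg.iter_attachments()
              if a.get_content_maintype() == "image"]
    if images and hits:
        findings.append("image attachment alongside payroll request: " + ", ".join(images))
    # Reported for context only: a message without URLs is not therefore safe.
    has_links = "http://" in body or "https://" in body
    return {"from": addr, "has_links": has_links, "findings": findings}


def initial_request() -> EmailMessage:
    """Constructed lure resembling the first email in the story (not the real message)."""
    m = EmailMessage()
    m["From"] = "Gabriel Nilsson <gabriel.nilsson.support@gmail.com>"
    m["To"] = "caroline@nimblr.example"
    m["Subject"] = "Update your payroll account"
    m.set_content("Hi Caroline,\n\nI have switched banks. Could you update my account "
                  "number so my salary goes to the right account this month?\n\n"
                  "Gabriel Nilsson\nTechnical Support Specialist")
    return m


def follow_up() -> EmailMessage:
    """Constructed reply carrying the account number as an image, as in the story."""
    m = initial_request()
    m.replace_header("Subject", "Re: Update your payroll account")
    m.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # placeholder bytes, not a real image
                     maintype="image", subtype="png", filename="new-account.png")
    return m


if __name__ == "__main__":
    for sample in (initial_request(), follow_up()):
        print(sample["Subject"], "->", analyse(sample))
```

The directory lookup is the check that matters most: a display name that matches a colleague while the address lives elsewhere is exactly what Caroline noticed by eye. Everything else is corroboration, and `has_links` is returned only to make the point that its absence is not a clean bill of health.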

Spear-phishing using AI?
How did the scammer know who was responsible for the payroll system at Nimblr? How did they know that Gabriel worked at the same company, and that his title was “Technical Support Specialist”? All of this information can be retrieved from LinkedIn with a little research, or with a small script that scrapes public profiles and a few logical assumptions (whoever lists an HR title handles payroll; whoever lists a support title is a colleague).

These scams take more effort to craft than generic phishing. It is likely, though, that this was one of many messages, perhaps generated automatically by an AI model that is fed basic details about many different targets and produces thousands of customized fraudulent emails.

Watch out and start educating your users
Fingers crossed that other recipients of similar messages are as prepared as the HR manager at Nimblr. If you’re uncertain about your organization’s resilience, I recommend booking a demo with us at Nimblr. We can then tell you more about how you can continuously train, test and keep your colleagues updated on the ever-present online attacks.


5 Christmas gifts your users should watch out for

Every Christmas it is the same: cybercriminals use digital Christmas cards and greetings to infect and trick users. The threats and scams are not new, but the attacks are more frequent and increasingly sophisticated. Nimblr lists five of the most common “Christmas camouflaged” threats.

During the Christmas season, lots of digital Christmas cards and greetings are sent. At the same time, Christmas is one of the holidays when we do the most online shopping, search for appropriate Christmas gifts, and communicate with distant friends with whom we are not usually in touch.

Digital Christmas cards are becoming increasingly sophisticated and often contain software code, animations, or forms. Every year, cybercriminals exploit this to trick us out of our login details and credit card numbers or to infect our systems with malicious software code. In this article Nimblr lists five of the most common digital threats this holiday season.

  1. False delivery notices for shipments
    The festive season usually sees an increase in fake delivery messages, where cybercriminals want you to believe that a delivery has failed or been delayed. The messages may appear to come from several different shippers, such as FedEx, DHL, or Postnord, and often contain a link or an attachment that can infect your system. Avoid opening attachments or clicking on links in these types of messages. If you are unsure about the authenticity of a delivery message, type the carrier’s own website address into your browser yourself and look up the shipment ID listed in the message there, rather than following the link.

  2. Gift cards from banks and shops
    With fake messages from well-known companies, fraudsters want you to believe that, through a special Christmas offer, you are entitled to a Christmas bonus. To claim it, you are directed to a website that imitates a well-known bank or online shop, where you are asked to enter personal details such as your name, credit card details, bank account, etc. The information is used by the fraudsters to hijack your accounts or is sold on to other criminals.

  3. Fake shopping websites
    Through legitimate-looking banners or spam mailings, you are lured into shopping on fake websites. These sites often use well-known logos and offer products at bargain prices. You are enticed to order goods and pay by credit card, but the goods are never sent. Before paying, check that the address in the browser bar is the shop’s real domain and that the HTTPS connection is valid; keep in mind that a valid certificate only proves you are talking to whoever controls that domain, not that the shop is honest, and scam sites routinely have one.

  4. Digital Christmas cards with malicious software code
    Fake Christmas greetings by email are common, asking you to click on a link to receive the greeting. These links often lead to websites that infect your systems. A greeting that does not even show a sender’s real name and email address is an easy reject, but a correct-looking sender is no guarantee either: both can be spoofed or come from a hijacked account. If in doubt, do not follow the link, and never download anything from the page you are sent to.

  5. Fake charity campaigns
    Many charities hold campaigns during Christmas and people are often extra generous during the holidays. This is exploited by scammers who use the logos of well-known charities in fake mailings, asking you to provide personal details and donate money. The personal details may be used for identity theft and the money donated does not go to charity at all. Use the charities’ own websites if you want to donate to charity this Christmas.
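Items 1, 3 and 4 above all come down to the same question: does the link go where it claims to? The check below is an added example, not Nimblr’s code; it parses a constructed HTML lure and flags links whose visible text names one domain while the href points at another, links to raw IP addresses, plain-HTTP links, and hostnames that contain a carrier’s brand without being one of that brand’s real domains. The brand-to-domain table is an assumption you would maintain yourself, and the two-label “registrable domain” shortcut is adequate for the sample only, not for suffixes such as co.uk.

```python
"""Link checks for fake-delivery, fake-shop and Christmas-card lures.

Added example with constructed sample data; KNOWN_BRANDS is an assumed
allow-list, not an authoritative one.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: brand keyword -> registrable domains the brand really uses.
KNOWN_BRANDS = {"fedex": {"fedex.com"}, "dhl": {"dhl.com", "dhl.de"},
                "postnord": {"postnord.se", "postnord.com"}}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Last two labels; fine for .com/.se samples, wrong for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _shown_host(text: str):
    """If the visible link text itself looks like a URL or domain, return its host."""
    t = text.strip().lower()
    if " " in t or "." not in t:
        return None
    return urlparse(t if "://" in t else "https://" + t).hostname


def check_links(html: str) -> list:
    """Return one report entry per link, each with a list of issues (empty = ok)."""
    parser = _LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        issues = []
        if url.scheme != "https":
            issues.append("not https")
        try:
            ipaddress.ip_address(host)
            issues.append("raw IP address instead of a hostname")
        except ValueError:
            pass
        shown = _shown_host(text)
        if shown and registrable(shown) != registrable(host):
            issues.append(f"text shows {shown} but link goes to {host}")
        for brand, domains in KNOWN_BRANDS.items():
            if brand in host and registrable(host) not in domains:
                issues.append(f"mentions {brand} but domain is {registrable(host)}")
        report.append({"href": href, "text": text, "issues": issues})
    return report


# Constructed sample lure; the domains and IP address are documentation ranges, not real sites.
SAMPLE_HTML = """
<p>Your parcel could not be delivered. Please confirm your address.</p>
<a href="http://postnord-delivery.example/track?id=1234">https://www.postnord.se/track</a><br>
<a href="https://203.0.113.5/login">Update delivery address</a><br>
<a href="https://www.fedex.com/track">Track with FedEx</a>
"""

if __name__ == "__main__":
    for entry in check_links(SAMPLE_HTML):
        print(entry["href"], "->", entry["issues"] or "ok")
```

The text-versus-href comparison is the one users cannot do by eye in most mail clients, which is why hovering over a link (or running a check like this on the raw HTML) matters more than how genuine the logo looks.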

Nimblr’s Micro Training can be completed directly on a mobile phone or in the computer’s browser. No login details are required; instead, each user is identified through the unique link in the email invitation. The system also sends reminders to users who have not completed courses within a given time frame and continuously reports the completion rate to the administrator.