Anatomy of a Phishing Scam

Recently some hackers grew sloppy, exposing their tactics and the results of a major phishing campaign.

The case, which was publicized by Check Point Research as an educational tool, offers a fascinating glimpse behind the scenes of a digital crime ring.

The trick
Like all phishing attacks, this one began with fraudulent email templates. In this case, the messages mimicked Xerox scan notifications and included a target company employee’s name or title in the subject line. The bogus emails were sent through accounts that had been previously compromised so they would appear to be from legitimate sources. This is why you’re often warned that phishing attacks may appear to come from your boss—or your mom.

The crime
The attackers attached an HTML file containing code that secretly started searching for user names and passwords and sending them back to the criminals. 

The key here is that in order for all this to take place, email recipients had to fall for the phishing message and click the HTML file. That’s the error that silently opened the door to these cybercriminals. 

What you can do

  • Be more cautious than curious when you get emails with links
  • Out of the ordinary requests from trusted sources should be treated cautiously
  • Don’t feel silly about checking with IT if you’re unsure. These types of schemes are rampant and convincing

© National Security Institute, Inc.    

A Smart Allocation of Resources

Regulatory Compliance

Reduces Human Risk Factor

Well Received by Everyone

Accelerated Security Awareness

Easy to Implement

Concise and To-the-Point

Flexible & Easy to Use

Email the Fully Formatted PDF Newsletter

Deliver SecuritySense micro-training posts instantly by emailing the fully formatted PDF newsletter you receive from us on the first of each month like clockwork. 

Upload the PDFs to Your Internal Website

Upload the entire newsletter. Upload individual micro-training posts to call out security issues you want your people to focus on that month. 

Paste Our Content Into Your Existing Communications

Use the text version of SecuritySense micro-training posts to supplement other internal communications vehicles. 

Integrate HTML into Your Internal Website

Use the HTML version of SecuritySense micro-training posts to easily integrate them right into your internal facing website.