Data Privacy & Security Service Digital Digest_Winter 2018

Data Privacy & Security Service

Issue 10


Source: Orrick.



On November 13, 2017, we learned of a scary new phishing attack that uses a new technique that is very hard to detect.

The emails appear to come from known contacts at another organization. In the screenshot provided you can see that at least one of the emails appears to be a reply to an existing email thread, where users at the two organizations had been emailing back and forth. The new message was noticeably short — "Morning, please see attached and confirm" (you probably see where this is going) — but in the context of the email chain it was very convincing. The email appears to come from a person at a company who was emailing the receiver. This message appears to be a reply to a legitimate email chain. What makes this social engineering attack so tricky is that the email pictured here wasn't just coming from an organization the recipient knew and had been emailing with; it came as a reply to an existing email chain. That is a hard one for any user to catch in time. Receiving an infected email from a trusted source is nothing new, but if this is becoming a larger trend it is even more important to educate email users on how to avoid falling victim to these types of attacks.

