Does this sound familiar?
You get an email from DHL or UPS telling you about a package that has already been delivered and needs a review of the shipping documentation. There email includes a link that supposedly takes you to the document.
Instead of going to that shipping document, a malicious file goes straight to a credential harvesting page. It also installs a Trojan virus, a malicious file that can take over the user’s computer.
Spoofing attacks like that one increased dramatically late last year, and nearly a quarter of them spoofed DHL.
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or it can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
Phishing, which we’ve described on this blog, is just one form of a spoofing attack.
And, according to a recent story on cybernews.com, spoofing attacks are expected to soar.
The story notes that disruptions to supply chains caused by pandemic-related restrictions have already provided fertile grounds for threat actors who impersonate delivery companies like the example above. The story said this trend looks set to continue for the foreseeable future.
The cybernews.com piece quoted Adenike Cosgrove, cyber security strategist at Proofpoint: “Cybercriminals have shifted focus to targeting the supply chain and partner ecosystems, turning this into yet another critical threat vector. Attackers are leveraging compromised supplier accounts and [using] supplier impersonation to send malware, steal credentials, and perpetrate invoicing fraud. This is heightened in post-pandemic times, as the world struggles to sustain the supply chain for the production of goods.”
How big a problem is this increase in spoofing attacks? Last year, in just one month, 98% of 3,000 organizations monitored across the UK, US, and Australia received a threat from a supplier domain.
To make matters even more difficult, threat actors are tightening up on traditional ‘giveaways,’ such as poor grammar in emails, making their scams more convincing. Fake sites are also benefiting from superior design, with more sophisticated graphics used to make them appear genuine. All of this increases the chances of a panicky customer or stressed business employee clicking on a link containing malware.
“Phishing emails have become much more realistic-looking,” said Kristen Bolig, head of SecurityNerd. “Improvements in their deception can be seen in fewer spelling errors, use of legit company logos, or really similar replicates, more formal wording, and even email addresses that contain the company name.”
What can you do?
Continued security awareness training for your employees, with a focus on being aware of spoofing, is a must. Phishing simulation is also a highly recommended exercise to validate that your users are fully understanding and applying the information presented in the awareness training.
As always, you can lean on the Security team here at LRS. We have the expertise to help you improve your security posture and ensure that your environment is free of malware.
Just contact us for a free security consultation.