ESP attacks, again. Be wary.

E

There seems to be an uptick in phishing attacks that have an impact on ESPs recently.
Your CEO
The most critical one is targeted spear-phishing attacks that claim to be internal documents sent by senior staff within the company, e.g. from the company CEO.
It’s likely that the attached documents will compromise and backdoor your machine, and from their most of your internal network, using an infected document to load a remote administration tool (RAT) such as Netwire.
Be very, very wary of document attachments, especially in generic looking emails that you weren’t expecting, from senior people. Making sure your antivirus signatures are up to date is a great idea, but nothing will protect you as effectively as not opening the infected documents.
Your domain registrar
The other campaign I’m aware of is emails that claim to be abuse reports from registrars (e.g. opensrs, tucows, etc) aimed at domain registration contacts, claiming that a domain has been suspended and that the recipient should click on a link to “download a copy of complaints received”.
e.g.

Dear Steve Atkins,
The Domain Name ABUSEMONKEY.COM have been suspended for violation of the TUCOWS, INC. Abuse Policy.

or

Dear Sir/Madam,
The following domain names have been suspended for violation of the TUCOWS, INC. Abuse Policy:
Domain Name: KNOWYOURDELIVERY.COM
Registrar: TUCOWS, INC.
Registrant Name: Steve Atkins

About the author

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By steve

Recent Posts

Archives

Follow Us