Threat Advisory | Caution Regarding Breaking News Update Phishing Campaigns
November 14, 2015
In light of the recent attacks in France and the media coverage surrounding this major incident, Herjavec Group would like to ensure our customers are aware of the heightened risk of potentially fake news campaigns via phishing emails. We often see innocent end users lured into opening “Breaking News” communications when a serious event like this occurs. These campaigns are used to spread damaging forms of advanced malware, often resulting in stolen credentials, data exfiltration and the establishment of a malicious foothold within an otherwise secure internal network. End users must exercise great care and consider which emails they choose to open. We recommend recommunicating the importance of this issue to your entire team as there is significant risk in opening a phishing email, or clicking on its embedded links & attachments. Attackers commonly play on the curiosity of end users and coax them into clicking on a link that takes them to the 'latest or breaking news release'.
Herjavec Group recommends that all organizations and end users properly validate emails claiming ‘BREAKING NEWS’ with subjects such as ‘Troops have been mobilized’, ‘Counter-attacks are now underway’, ‘Another wave of attacks happening now’, or ‘Latest crime scene photos’. The body of these emails may include photos and some text, followed by a link to the ‘full story’. If these emails are part of a malicious phishing campaign, then the link may lead to a fake web site hosting malware that will be covertly downloaded to the victim’s computer. The result could be an exploited machine being used to explore and further exploit valuable informational assets inside the organization. It is best to validate these ‘breaking news’ emails by ignoring the email and simply browsing an appropriate news site via a secure web browser.
If you have questions or concerns about phishing emails, please do not hesitate to contact a Herjavec Group security specialist.