Massive Phishing Scam From a Surprising Source
By now you’ve likely heard about the nation-wide phishing scam that struck through what many consider a surprising source, Google Docs. What everyone down to the user level needs to keep in mind is that no avenue of attack is ever expected, but none should be surprising. If there is a way, any way, hackers and scammers can get you to let them in, they will exploit it. Awareness that any communication is a potential source of attack, and making a habit of maintaining a defensive stance are the first lines of defense for all users.
Layer 8 Security actively promotes the importance of Social Engineering prevention as the fundamental beginning of any personal or organizational cyber hygiene plan. User vigilance is the first step and could have prevented a majority of the breaches experienced in this broadcast scam.
Had users been in the habit of looking at the recipient line they may have noticed the irregularity, specifically that emails were from the address “firstname.lastname@example.org” with the target being BCC’d. Organizations that have a policy of including a brief note of purpose to any distributed attachments and links, i.e. prohibiting users from opening blind links, may have escaped being impacted.
If you have any questions about this particular phishing attack, feel free to reach us at email@example.com.BACK TO BLOGS