Phishing kit ‘16Shop’ sets its sights on Amazon

No matter how many warnings about phishing there are, and no matter how many times the details of a phishing attack hit the news, this technique continues to be extremely successful. This is because these attacks rely on manipulating people’s trust and, more often than not, appear to be a legitimate email from a trusted contact. The same is true of the phishing kit 16Shop, the latest to hit the headlines.

16Shop was originally discovered by security researchers Oliver Devane and Rafael Pena at McAfee Labs at the end of 2018, when the attack was targeting Apple users in Japan and the US. The attack works by sending users an email with a PDF attachment. When a user clicks on the attached PDF – which is actually a phishing site – they are instructed to update their account information, which unsurprisingly includes inputting financial information such as credit card details.

Opportunistic as ever, 16Shop was most recently found to be targeting Amazon users during this year’s Amazon Prime Day. This was a very calculated move: with a record-breaking 175 million products reportedly sold on the site in 48 hours, a fair few unsuspecting victims were likely to have fallen into the trap. Researchers have warned that the group behind 16Shop is continuing to develop this phishing kit, meaning that people must be more careful than ever when it comes to receiving unsolicited emails. With numerous other shopping extravaganzas happening throughout the year, including Black Friday and Cyber Monday, it is very likely that hackers will try this again.

So, what can be done?

As ever, caution and vigilance are the most important ways that users can protect themselves from phishing attacks such as those engineered by 16Shop, by not opening emails from unknown contacts, and not clicking on attachments and links in emails whether or not the sender appears to be a legitimate organisation or individual.

However, businesses can go beyond this on behalf of their staff and make sure malicious links and false emails aren’t making it into their work inboxes in the first place. The onus really falls on businesses here. Organisations must accept that their employees will always pose a risk when it comes to phishing attacks, as all it takes is one individual to fall for a phishing email, and a whole company can be compromised as a result. Ongoing education is an important component of any strategy to prevent attacks, and the discovery of 16Shop simply adds another example to the roster of phishing kits we are aware of. Employees must therefore be regularly updated on what to look out for.

Nevertheless, the likelihood of human error is so high that it is also crucial that businesses have appropriate protection software in place, for the inevitable instances when a phishing email manages to fly under the radar of employees. Email security solutions today can detect malicious links and rewrite them before a user has the chance to make the fatal error of clicking them, which is extremely important when it comes to keeping a company – and its assets – from being infiltrated.

Evolving threats require evolving security

To mitigate this risk of phishing, organisations should deploy algorithmic analysis to identify suspicious emails, as well as traditional pattern matching. Traditionally, email security tools worked using pattern-based approaches, looking at messages for elements that had already been observed in a live or previous spam run. This approach is still valuable, although fairly rudimentary, and email security tools have to keep pace with the evolving cyber threat landscape. Algorithmic analysis is, therefore, vital for catching advanced attacks. Rather than looking at email content, algorithmic analysis breaks down the email into its core characteristics and attributes and assigns each email a weighted score on how suspicious it is. Using this far more sophisticated analysis, alongside pattern analysis which still has its place, organisations can deploy a multi-layered approach to go a long way towards halting incoming attacks.
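The weighted scoring described above can be sketched as follows. This is an added example, not Censornet's algorithm or code from the original article; the attribute names, weights, brand list and sample message are all constructed assumptions chosen to mirror the 16Shop lure (brand display name, PDF attachment, account update request).

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Weights, brand list and phrases are illustrative assumptions, not a vendor's model.
WEIGHTS = {"brand_name_domain_mismatch": 3.0, "auth_failed": 2.5,
           "reply_to_differs": 1.5, "pdf_attachment": 1.0, "account_update_text": 1.0}
BRANDS = {"amazon": "amazon.com", "apple": "apple.com"}
UPDATE_TEXT = re.compile(r"update your (account|payment)|verify your account", re.I)

def addr_domain(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def extract_attributes(msg):
    # Reduce the message to named attributes; each one is scored independently.
    attrs, display = set(), parseaddr(msg.get("From", ""))[0].lower()
    from_dom = addr_domain(msg.get("From"))
    for brand, legit in BRANDS.items():
        if brand in display and from_dom != legit and not from_dom.endswith("." + legit):
            attrs.add("brand_name_domain_mismatch")
    reply_dom = addr_domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        attrs.add("reply_to_differs")
    auth = msg.get("Authentication-Results", "").lower()
    if any(f"{m}=fail" in auth for m in ("spf", "dkim", "dmarc")):
        attrs.add("auth_failed")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pdf":
            attrs.add("pdf_attachment")
        elif ctype == "text/plain":
            body = part.get_payload(decode=True).decode(errors="replace")
            if UPDATE_TEXT.search(body):
                attrs.add("account_update_text")
    return attrs

def score(raw_email):
    attrs = extract_attributes(message_from_string(raw_email))
    return sum(WEIGHTS[a] for a in attrs), sorted(attrs)

def build_sample():
    # Constructed sample: brand display name on an unrelated domain, SPF fail, PDF attached.
    m = EmailMessage()
    m["From"] = '"Amazon Support" <billing@amzn-secure.example>'
    m["Reply-To"] = "help@mail-desk.example"
    m["Authentication-Results"] = "mx.example; spf=fail"
    m.set_content("Please update your account information using the attached form.")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="form.pdf")
    return m.as_string()
```

No single attribute is decisive here: a legitimate message can carry a PDF or fail SPF, which is why the verdict comes from the combined score compared against a threshold tuned on real mail.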

Threat intelligence is also becoming increasingly important in many aspects of security, and email security is no different. Domain-based threat intel will provide a high risk rating if the registrant has a criminal track record of registering domains and using them to launch attacks, or distribute malware.

Censornet’s email security provides the required protection to stop many phishing attempts from slipping through the net. If you would like to find out more about how Censornet can help keep your business secure, please get in touch.

 
