Security researchers warn of a new tactic that makes phishing emails appear even more credible.
The makers of phishing emails have learned a lot in recent years and the times when such messages were immediately exposed due to countless spelling mistakes are long gone. Today you often have to take a very close look to uncover fraudulent emails. With a new stitch, this could become even more difficult.
The enemy is in the CC
The Iranian hacker group TA453 not only sends its fraudulent emails to victims, but sometimes also CCs several people. These email addresses are under the attackers’ control. After a victim has received such an email, the attackers reply via an address set in the CC in order to initiate a conversation and thereby increase credibility.
In a report, Proofpoint security researchers cite a fake email sent on behalf of a genome researcher as an example. A CC contact replies to the email with a link to a document prepared with malicious code. The resulting conversation is intended to inspire trust among victims and thus increase credibility. In another example, a conversation ensued between two nuclear weapons control academics and three fake individuals who were CCed.
Not perfect yet
The report does not state whether the attacks in the examples were successful. Proofpoint states that the senders and CC addresses in their observations were always private email addresses from AOL or Google, for example. Of course, that looks unprofessional and could open the scam. It remains to be seen how criminals will expand the approach further in the future.
In general, mistrust should apply to e-mails. You should never click on links in emails or even open file attachments without thinking. Fake emails with attachments are still the most common way that blackmail Trojans infect computers.
