Phishing and Spam Emails

Written By: Matthew James
Published On:

A brief overview:-

  • Be aware or the re-emergence of Spam emails using spoofed sending address of a colleague/high ranking officer of your organisation/supplier.
  • Simple yet sophisticated in its operation
  • Utilises social engineering to trick you to send money, and no, there is no Nigerian prince involved.

The Details

Not asleep yet? Here is the more detailed information.

A few common questions that come through to the support desk here at ESP Projects relate to phishing and spam emails.

Let’s face it, spam emails are never welcome, but when they come with added danger, as with Phishing or Malware infected emails then caution needs to apply to our everyday actions to prevent some BIG problems.

But why do we even have spam anymore? Shouldn’t this be an easy issue to resolve? The answer to this actually stems from the early days of the internet and the base protocols it is based upon. In the case is Email this protocol is SMTP, and it is a protocol which was created back in the days when the internet was small and innocent, so it was built with trust, ease of use and reliability in mind (direct quote from http://www.interspire.smtp.com/resources/encyclopedia/smtp-and-spam) since those early days SMTP has been bolstered quite a bit, and other supporting systems have spawned to try and help limit amounts of spam, but it is still papering over the cracks in the base protocol.. Why does Email still use SMTP? There are a few reasons, but is does mostly come down to cost, it would be hugely expensive to replace all the servers on the internet that currently carry our SMTP-based emails to servers utilising another protocol.

So, in many ways, Spam is here to stay, the best we can do is to act accordingly to reduce the amount we see, and what we do with the ones that do come through to our inboxes.
Notice that I didn’t say “reduce the amount of spam that you get sent” there is no way of stopping an email being sent to an address, if a spammer has your email address, they can send to it (although you can help by not posting your email address all over the internet). There are many hoops you can get it to jump through before it reaches your eyes though. Here at ESP Projects we can recommend, install and tune a number of antispam filters…. but that is not what this post is about, all this has just been a build-up for the real subject of the post, setting the framework, drawing the landscape as it were.

So what am I actually talking about today? And why the long intro?  I actually want to talk about a form of social engineering spam which has seen a re-emergence over the last 12 months or so, with several of our clients coming across it, but luckily not falling for it. We wanted to try some preventative maintenance by telling you about it, unfortunately, you need some of the previous few paragraphs to understand a little of what we are talking about still occurs on the modern internet.

This email scam spoofs the address it is sent from, (utilising some of the loopholes mentioned above) and to the first casual glance looks very legitimate. These emails tend to be short, well written and initially do not tend to force action straight away, they invite you to start a dialogue with them. When you reply, the address the reply goes to is NOT the same address as it pretends to be sent from.
Typically the email would appear something like below:-

*****************************************************************************************
From: CEO@yourcompany.com (their actual address, you will probably be familiar with the address, so will already be taking more notice of this email and in the frame of mind to accept its contents)
Subject: Good Morning

Hi (Your name will regularly be in here, and correct)

Can you process a same day bank transfer today? Let me know what time is the cut off and What are the adequate details needed for you to process it.

Thanks (Real name of your CEO or other high-ranking member of your organisation, supplier ETC.)
*****************************************************************************************

As you can see, this message appears very natural, all the details that you can see in there appear to be correct. It is very believable. If you haven’t noticed any issues so far, the natural thing to do is hit reply and ask your CEO more details, such as where to, how much etc.

The first visible indication you will get that this is not legitimate is when you reply, the To: address is not your CEOs. It may be very close, they may have registered a whole new domain name to run this scam against you, and the domain may be different to your companies legitimate email addresses by just 1 character. How hard do you check email addresses you are sending to when you’ve hit the reply button? For instance, would you notice that the “l” in the domain name has been swapped out for a “1”? So you reply to the email and ask the spammer where they would like the money, how much they want to send etc.
Further replies will be well written and created to not arise suspicion. you might well get through a short email conversation still thinking you are talking to your CEO and following all instructions, and sending money directly to the spammer.  Isn’t that nice of you.

So how can you avoid this?

  1. Be aware that this, and other social manipulation techniques are in use and just double check yourself when dealing with financial emails. It may not pretend to be from your CEO, it may be a supplier or customer that you deal with daily that they have been able to spoof
  2. Double check whenever you can. I’m sure your CEO would rather field a phone call from you re this potential payment rather than you sending money to a spammer.

A good write up on this particular form of spoofed email can be found here:- https://www.dlapiper.com/en/us/insights/publications/2015/08/wire-transfer-phishing-an-old-scam-returns/

If you would like to talk to use further about this form of scam, or any other technical queries then please get in touch.