The above comment from one of my websites hit my inbox yesterday afternoon. It has numerous suspect attributes that say this is at least a credential compromise attempt, perhaps a malware delivery attempt, or even a ransomware attempt. The warning attributes are:
- No prior engagement with “Joseph (surname)” as supplied in the contact form. This is Joseph’s first outreach to me.
- Joseph’s email address is very different from his name. It is unclear why the address would include the word “michael”, since that is not part of Joseph’s name, and nothing in the email format pattern aligns with the supplied name.
- The comment doesn’t make sense. It’s just a bunch of phrases that convey nothing.
- The requested action doesn’t follow naturally from the nonsensical comment. The reason for clicking on the link to a Google Drive file is unclear.
This strikes me as a very high-cost way of delivering phishing messages, and I classify this as phishing rather than spearphishing because there’s nothing in the comment that is relevant to me personally based on an analysis of my communication patterns. To make this phishing attack work, the attacker has to visit each site, fill out each contact form, and submit it to the owner of the website. In other words, it’s one phishing message at a time, as compared to using a list of breached email addresses and doing a mass mailout. But by design it does avoid the use of email servers that have low reputation ranking or are blacklisted.
I haven’t received a message like this to my inbox before. I have received many other types of mass-delivered phishing messages, but nothing that looks like this one-at-a-time attempt. Nonetheless, it is just another example of the types of opportunistic attacks that the people using your digital workplace will be subjected to. What safeguards do you have in place to protect them?
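One safeguard is to triage contact-form submissions against the warning attributes listed above before they reach anyone’s inbox. The following is an added example, not code from this post or its site: it scores a constructed submission on three of the four attributes (first contact, name/email mismatch, and a link to a file-sharing host); the names, addresses, URL and list of known contacts are placeholders, and judging whether the comment text itself makes sense is left to the reader.

```python
import re
from dataclasses import dataclass

# Assumption: addresses the site owner has corresponded with before.
KNOWN_CONTACTS = {"alice@example.org"}
# Assumption: file-sharing hosts whose links in a first-contact message are worth flagging.
FILE_SHARE_HOSTS = ("drive.google.com", "docs.google.com")


@dataclass
class Submission:
    name: str
    email: str
    message: str


def name_matches_email(name: str, email: str) -> bool:
    """True if any name token of 3+ letters appears in the address local part."""
    local = email.split("@", 1)[0].lower()
    tokens = [t for t in re.findall(r"[a-z]+", name.lower()) if len(t) >= 3]
    return any(t in local for t in tokens)


def file_share_links(message: str) -> list[str]:
    """Return URLs in the message that point at a file-sharing host."""
    urls = re.findall(r"https?://[^\s<>\"']+", message)
    return [u for u in urls if any(h in u.lower() for h in FILE_SHARE_HOSTS)]


def phishing_signals(sub: Submission) -> list[str]:
    """Return the warning attributes from the post that this submission trips."""
    signals = []
    if sub.email.lower() not in KNOWN_CONTACTS:
        signals.append("first_contact")
    if not name_matches_email(sub.name, sub.email):
        signals.append("name_email_mismatch")
    if file_share_links(sub.message):
        signals.append("file_share_link")
    return signals


def triage(sub: Submission) -> str:
    """Hold a submission for review when two or more signals fire."""
    return "quarantine" if len(phishing_signals(sub)) >= 2 else "deliver"


# Constructed sample modelled on the post: unknown sender, forename absent from the address, Drive link.
SAMPLE = Submission(
    name="Joseph Doe",  # placeholder surname
    email="michael.smith@example.net",  # constructed; local part shares nothing with the name
    message="Great content here. Please review the file: https://drive.google.com/file/d/PLACEHOLDER/view",
)

if __name__ == "__main__":
    print(phishing_signals(SAMPLE), triage(SAMPLE))
```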
Categories: Safeguarding Productivity