Safeguarding Productivity

Extra Oomph for Spear Phishing

Trustwave, a cybersecurity and managed security services provider, published a short case study in June on blocking email threats in the hotel sector. The overview said the case study was from a New Zealand-based firm (always of high interest), but it was one of the comments inside the case study that really captured my attention:

One common attack vector used to target the hospitality industry, according to the 2018 Trustwave Global Security Report, was telephone-initiated spear phishing. The caller would complain about being unable to make a reservation on the victim’s website and ask to email his details to the staff member. The attacker then emailed a message with a malicious file attached, waited until the victim confirmed they opened the attachment and then hung up the phone.

Ouch. That’s spear phishing with a lot of extra oomph and social engineering nastiness. Instead of merely relying on direct profiling of the target and a hook in an email message (that they hope will get through), the attacker goes the extra step and creates a compelling but fictional story as to why the message and its attachment must be opened immediately, thereby increasing the effectiveness of the scam.

Two thoughts:
– [1] awareness of what others are experiencing can help your staff avoid a similar attack, and
– [2] you had better be doing something technically to prevent forced attacks from gaining a foothold in your environment. Trustwave, among others, has capabilities on offer in this area.
