Scam of the Week: Phish with Hidden Sting

There is a particular type of phishing attack that research teams are seeing more and more often. This attack plays out as follows:

  1. Employees receive an email with an attachment — usually PDF or DOC.
  2. The body of the email contains no malicious links and consists only of a social engineering ruse to open the attached doc.
  3. The attached doc is itself not malicious — i.e., no exploits or malicious macros/scripts. What’s visible to the user is a second ruse to click an embedded link in the document.
  4. The link embedded in the doc leads to either an exploit site/page or a fake login page for a recognized service (your bank or payroll service).
  5. These phishes are slipping past anti-virus (AV) products and email security apps/appliances because the email body contains nothing obviously malicious and the attachment is not malicious in and of itself. AV and email security apps are not scanning the links inside the attached docs.
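The gap in step 5 is that the attachment is treated as clean because it carries no exploit or macro, while the hyperlink it contains is never examined. Below is an added defensive example (written for this page, not code from the original post or from any vendor) showing how a mail-gateway hook or SOC script could pull the embedded link targets out of an attachment and flag any that point outside an allowlist. It handles .docx files (OOXML, where hyperlink targets live in the relationships part, separate from the visible text) and simple PDFs (the plain `/URI (...)` form of link annotations). The allowlist, the domains and the in-memory sample documents are all constructed for the example; legacy binary .doc files, compressed PDF object streams and encrypted PDFs are not covered.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Hypothetical allowlist: domains the organisation expects attachment links to point to.
ALLOWED_DOMAINS = {"intranet.example.com", "example.com"}

# Namespace of the OOXML package relationships part.
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"


def extract_docx_links(data: bytes) -> list[str]:
    """Return external hyperlink targets stored in a .docx file.

    Word stores a clickable link as a Relationship with TargetMode="External"
    in word/_rels/*.rels; the text the reader sees is in document.xml, so the
    real target can differ from the displayed text entirely.
    """
    links = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".rels")):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    links.append(rel.get("Target"))
    return links


# PDF link annotations carry their target in a /URI entry; this matches the
# uncompressed literal-string form. Compressed object streams would need a PDF parser.
PDF_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def extract_pdf_links(data: bytes) -> list[str]:
    return [m.decode("latin-1") for m in PDF_URI_RE.findall(data)]


def suspicious_links(links: list[str]) -> list[str]:
    """Keep every link whose host is not on the allowlist (mailto:/javascript: have no host and are flagged too)."""
    return [link for link in links
            if (urlparse(link).hostname or "").lower() not in ALLOWED_DOMAINS]


def scan_attachment(filename: str, data: bytes) -> list[str]:
    """Dispatch on file type and return the links a reviewer should look at."""
    lower = filename.lower()
    if lower.endswith(".docx"):
        links = extract_docx_links(data)
    elif lower.endswith(".pdf"):
        links = extract_pdf_links(data)
    else:
        links = []
    return suspicious_links(links)


def build_sample_docx(url: str) -> bytes:
    """Construct a minimal .docx in memory containing one external hyperlink (sample data)."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{RELS_NS}">'
        '<Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" '
        f'Target="{url}" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Constructed PDF fragment with two link annotations: one off-allowlist, one internal.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://login-verify.example.net/payroll) >> >> endobj
2 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://intranet.example.com/handbook) >> >> endobj
%%EOF
"""

if __name__ == "__main__":
    docx = build_sample_docx("http://payroll-portal.example.net/login")
    print("invoice.docx   ->", scan_attachment("invoice.docx", docx))
    print("statement.pdf  ->", scan_attachment("statement.pdf", SAMPLE_PDF))
```

In a gateway this check would run on every attachment before delivery, with flagged links either rewritten through a click-time protection service or routed to a reviewer; the point is simply that the link target, not the document wrapper, is what needs inspecting.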

Be watchful for this new tactic. Warn your associates about it. Never open attachments you did not request. When you get an attachment, verify that the person who apparently sent it actually did send it, and why. When in doubt, throw it out. Always Think Before You Click.