Find out more about our phishing simulations and awareness training courses.
Discover the possible applications for your company

Nikolas Rösener
Security Expert
- cyber-security@ohb-ds.de
- 0421220950
Communication in the digital business world is almost unimaginable without email. Digital letters and attachments can be transported from one end of the world to the other in no time at all, enabling the efficient and global exchange of information. However, these advantages can also be misused for malicious purposes:
Because receiving and sending emails is an integral part of many people's everyday working lives, employees and even managers in companies are particularly attractive phishing targets. If an attacker succeeds in deceiving the victim, then depending on the goal of the attack they can gain access to internal company information or the victim's login details, or even take over the victim's system and thus penetrate the internal network.
The attackers usually have a financial motivation, but in some cases the focus is simply on damaging a company. With so-called ransomware, which is planted after a successful attack that grants access to the target's system, the attacker encrypts the file system and then demands a ransom to decrypt the data. In scenarios where the attacker was able to obtain the victim's login credentials or company information, these are usually used for further attacks or sold on to third parties.
A good phishing email can appear deceptively genuine at first glance and motivate the victim to click on the link before the authenticity of the email can even be doubted. However, there are a number of aspects that can be used to evaluate the authenticity of a received email without much effort.
One such aspect is the sender's address. In most cases, the sender address is either conspicuously unfamiliar or its domain part differs only very subtly from that of a trustworthy website, for example by using visually similar letters. However, experienced attackers also try to distract the victim from the sender address by forging the sender name, or they exploit DNS misconfigurations to forge the sender address without the mail being filtered or marked as spam.
Another feature is the way the content of the email is formatted. If, for example, strange formatting, outdated logos or a different language is used for no apparent reason, this may indicate a possible phishing attempt.
However, the most decisive feature is the content of the email received. If, for example, you are asked to open a link below and log in to do something or download and execute a file, this can often indicate a possible attempt at fraud. In this case, you should first hover over the link to check which page this link really refers to or check the legitimacy of the attached files.
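The two checks described above, a sender domain that imitates a trusted one and a link whose visible text names a different host than its real target, can be automated. The following is an added example, not part of the original article; the trusted domain, the look-alike map and the sample sender and HTML are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"mybank.example"}  # assumption: domains the organisation really uses
# Small illustrative map of look-alike characters (Cyrillic a, e, o; digits 0, 1).
CONFUSABLE = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "0": "o", "1": "l"})

def skeleton(domain):  # fold visually similar spellings onto one canonical form
    return unicodedata.normalize("NFKC", domain.lower()).translate(CONFUSABLE).replace("rn", "m")

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    hits = [t for t in TRUSTED if skeleton(t) == skeleton(domain)]
    return hits[0] if hits and domain.lower() not in TRUSTED else None

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Return (shown host, real host) where the link text names another host."""
    parser = LinkCollector()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        shown = urlparse(text if "://" in text else "//" + text).hostname
        real = urlparse(href).hostname
        if shown and "." in shown and " " not in shown and shown != real:
            found.append((shown, real))
    return found

SAMPLE_FROM = '"MyBank Support" <service@rnybank.example>'  # constructed sample
SAMPLE_HTML = '<a href="https://mybank.example.login.invalid/">www.mybank.example/login</a>'

def triage(from_header, html):
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    return lookalike_of(domain), mismatched_links(html)
```

The host comparison is exact, so a link text of `mybank.example` pointing at `www.mybank.example` would also be reported; comparing registrable domains would need a public-suffix list.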
A common attack scenario is so-called "credential harvesting", in which an attacker clones the login page of a well-known service, or of a service used in the company, and hosts it on the Internet. The link to the cloned page is then sent in the email, along with a request to log in to the service again for some stated reason. The aim is for the phishing victim to enter their login information on the cloned page, which sends it to the attacker instead of logging the user in. To disguise the deception, the victim is redirected to the real login page of the respective service after submitting the login information, so that the next login attempt is successful and no suspicion is aroused.
Another very common attack scenario is malicious email attachments. Attackers usually distribute Microsoft Office files, which can automatically execute malicious code on the victim's system via macros. The aim of this attack scenario is to gain access to the phishing victim's system via the executed malicious code. In current versions of Office products, however, macros are deactivated by default and the user must explicitly activate them by clicking the button in the warning. To get the victim to take this step, attackers pretend that activating the macros is necessary for editing or viewing the file, for example by claiming compatibility problems or similar. In addition, anti-virus programs make it more difficult to successfully execute the malicious code by blocking the macro before execution if malicious signatures are detected. However, the macro can also act as a so-called "stager", which first downloads the malicious code from a target server and then executes it on the system, making it more difficult for anti-virus programs to detect and block the executed malicious code.
As previously mentioned, attackers can exploit DNS misconfigurations so that emails with a forged sender address are still delivered and not filtered or flagged by spam filters. The DNS entries that protect a domain from such tricks are "Sender Policy Framework" (SPF), "DomainKeys Identified Mail" (DKIM) and "Domain-based Message Authentication, Reporting and Conformance" (DMARC). All three are created as TXT entries and, in combination, can guarantee the authenticity and integrity of the mails sent and received and enable automated filtering of mails that violate the rules defined in the entries. In addition, such incidents can at the same time be reported to an email address stored in the entry. Anti-virus programs and endpoint detection and response (EDR) solutions are another technical measure for protection against phishing attacks: they can prevent the execution of malicious code on client systems, or at least make it more difficult. In addition, further targeted protective measures can be initiated in good time when alarm messages are triggered.
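To check your own domain for the misconfigurations mentioned above, the SPF and DMARC TXT entries can be audited for settings that leave forged mail unfiltered. The following is an added example, not part of the original article; it covers SPF and DMARC only, works offline on constructed records for hypothetical `.example` domains, and the finding texts are its own wording.

```python
# Added example: audits constructed TXT records offline; no DNS lookups are made.
def parse_tags(record):
    """Split a DMARC record 'k=v; k=v' into a dict of lower-cased tag names."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record: receivers cannot check the sending host"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation fails with permerror"]
    terms = spf[0].lower().split()[1:]
    if any(t.startswith("redirect=") for t in terms):
        return []  # the policy lives in another domain's record
    final = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if final is None:
        return ["no 'all' mechanism: unlisted senders get a neutral result"]
    if final in ("all", "+all"):
        return ["'+all' authorises every host to send for the domain"]
    if final == "?all":
        return ["'?all' is neutral: unlisted senders are not rejected"]
    if final == "~all":
        return ["'~all' is a softfail: unlisted senders are flagged, not rejected"]
    return []

def audit_dmarc(txt_records):
    dmarc = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record: SPF/DKIM failures trigger no policy"]
    tags, findings = parse_tags(dmarc[0]), []
    if tags.get("p", "none").lower() == "none":
        findings.append("p=none: failing mail is reported but still delivered")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct<100: the policy applies to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua address: no aggregate reports are sent")
    return findings

# Constructed records: "spf" holds the domain's TXT values, "dmarc" those of _dmarc.<domain>.
WEAK = {"spf": ["v=spf1 include:_spf.mailhost.example ~all"],
        "dmarc": ["v=DMARC1; p=none"]}
STRICT = {"spf": ["v=spf1 ip4:192.0.2.10 -all"],
          "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@corp.example"]}

def audit(domain_records):
    return audit_spf(domain_records["spf"]) + audit_dmarc(domain_records["dmarc"])
```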
However, the most important protection against phishing attacks is the responsibility of the end user. In everyday working life in particular, emails should always be treated with foresight and a healthy degree of suspicion. It is also helpful to communicate suspicions of current phishing attacks to colleagues and, for example, create attention and awareness via a circular email or the "office grapevine". In addition, targeted awareness training and phishing simulations can significantly refresh and improve the security of the entire company.
Use the knowledge from space travel for your business. OHB Digital Services GmbH has been a reliable partner for secure & innovative IT solutions for many years. We are part of one of the most successful space and technology companies in Europe. With our products and services, we support you in the digitalization of your business processes along the value chain and in all security-related issues. Please feel free to contact us.
