By Dan Seas, Information Security Engineer
As email protection increases and improves, attackers are working to find new ways to reach end users. As these new tactics evolve, we would like to share some examples of what we are seeing. We hope you find this information helpful the next time you are going through your inbox.
Emails with PDF files
When attackers send an email with a PDF file, the attachment is usually titled “Quote,” “Invoice,” “Late payment,” or something similar to pique your interest. The attached PDF does not contain any malware but instead includes a link to a phishing site. This phishing site will either contain drive-by malware or deceive the user into providing their login credentials. If the user enters their information, the attacker can collect their login and password information.
Tip: First, don’t click on links or download materials when you’re not sure who they are from or when an email from an unknown address seems suspicious. Second, a great way to thwart the loss of login information is to enable two-factor authentication. With smartphones now commonplace, almost everyone can use one as the second factor in their authentication process.
If you are tricked into entering your credentials into a malicious website, two-factor authentication will prevent the attacker from being able to use your credentials because they will not have the second authentication factor.
You can easily enable two-factor authentication on your email or high-value logins by searching online for “enable two factor on Facebook” or whatever account you would like to secure.
Try to look for instructions from the same URL as the website you want to add two-factor authentication to.
Enabling two-factor authentication typically will require you to provide additional information only when you are logging in from an unknown workstation or browser.
A second type of scam is a spoofed email impersonating a company executive or a known business partner. This email often requests that the user send employee data (e.g., W-2 information) or conduct a wire transfer.
Tip: If you are ever requested to do this type of activity, even if it’s from an executive officer of the company, call the requester on the phone to verify the need for the transaction.
Data leakage and the autofill feature
Most browsers today include an autofill feature, which many people have enabled. This feature allows your computer’s browser to store personal information in a cache, such as your name, address, and phone number. Then, when you visit a website and start to fill out a form online, the browser asks whether you would like the form auto-filled. With your approval, the browser automatically fills out the form for you. Thus, the browser has saved you time and effort by automatically filling out repetitive information you would otherwise have to enter manually.
The autofill feature sounds great, but there is a downside. Some websites have caught on to the autofill feature and are taking advantage of people. For example, when the user approves autofill, the user assumes they are only giving out a narrow subset of their personal information. But some sites contain hidden fields the user cannot see. When autofill is enabled and approved, these hidden fields get filled in while out of view, and the user is tricked into including extra information like their credit-card data.
Tip: We suggest you disable the autofill feature and enter your personal information by hand, even though it takes a few seconds longer. At the very least, you should review your autofill settings and the kind of information your browser maintains for you. You can easily do this by searching online with the words “disable autofill browser.” One of the first items in the search results, from support.Iclasspro.com, has instructions for all browser types.
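For readers who want to check a page for the hidden-field problem described above, here is an added example (not code from the original article): a JavaScript heuristic that reports form fields autofill could populate but that are not visible on the page. The function names, the field snapshot format and the sensitive-name pattern are assumptions made for illustration, and the sample fields are constructed.

```javascript
// Added example: report form fields that autofill could fill but the user cannot see.
// Heuristic only: it does not detect fields clipped or covered by other elements.

// Browser-only helper (not used by the Node sample below): snapshot a live element,
// converting its box to page coordinates so scrolling does not affect the result.
function snapshot(el) {
  const s = getComputedStyle(el), r = el.getBoundingClientRect();
  return {
    name: el.name, autocomplete: el.autocomplete,
    style: { display: s.display, visibility: s.visibility, opacity: s.opacity },
    rect: { left: r.left + window.scrollX, top: r.top + window.scrollY,
            width: r.width, height: r.height },
  };
}

// Return why a field is invisible to the user, or null when it is visible.
function hiddenReason({ style, rect }) {
  if (style.display === "none") return "display:none";
  if (style.visibility !== "visible") return "visibility:" + style.visibility;
  if (parseFloat(style.opacity) < 0.1) return "transparent";
  if (rect.width < 2 || rect.height < 2) return "collapsed to under 2px";
  // Negative page coordinates can never be scrolled into view.
  if (rect.left + rect.width <= 0 || rect.top + rect.height <= 0) return "positioned off-page";
  return null;
}

// Assumed pattern for names of personal data that browsers commonly store for autofill.
const SENSITIVE = /name|email|tel|phone|address|postal|zip|cc-|card|bday/i;

function auditFields(fields) {
  return fields
    .map((f) => ({ field: f.name, autocomplete: f.autocomplete, reason: hiddenReason(f) }))
    .filter((x) => x.reason && SENSITIVE.test(`${x.autocomplete} ${x.field}`));
}

// Constructed sample: a form showing two fields while three more sit out of view.
const shown = { display: "block", visibility: "visible", opacity: "1" };
const box = (left, top, width = 300, height = 32) => ({ left, top, width, height });
const SAMPLE_FIELDS = [
  { name: "fullname", autocomplete: "name", style: shown, rect: box(40, 120) },
  { name: "email", autocomplete: "email", style: shown, rect: box(40, 170) },
  { name: "phone", autocomplete: "tel", style: shown, rect: box(-5000, 120) },
  { name: "cardnumber", autocomplete: "cc-number", style: { ...shown, opacity: "0" }, rect: box(40, 220) },
  { name: "addr", autocomplete: "street-address", style: shown, rect: box(40, 270, 0, 0) },
];

console.log(auditFields(SAMPLE_FIELDS));
// In a browser console:
// auditFields([...document.querySelectorAll("input, select, textarea")].map(snapshot))
```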