What is zombie phishing?
In 2018, 'zombie phishing' was identified and named by the Phishing Defense Center (PDC). Like other phishing attacks, the scam uses compromised email accounts to spread malware or trick users into sending money to scammers.
What sets it apart is how the messages are delivered: the con artists take over an email account and reply to old conversations in it with malicious attachments and phishing links. A user is likely to click because the subject line belongs to a conversation they actually had, and because the original exchange is quoted below the reply, which makes it easy to mistake the message for a genuine follow-up.
Recently, there was a phishing email that reused the body of an old company email.
The con artists gained access to a user's email account and found a sales email the user had sent to a company a few years earlier in the hope of closing a deal.
Once in, the scammers posed as the company the user had been trying to sell to. The impostor copied the entire body of the years-old sales email and sent it back to the user to "continue" the thread, acting as if they now intended to buy what the user had been offering.
This shows what con artists can do once an account is compromised: the reply looked authentic because it was built from the user's own words, and the foothold let the attackers learn more about the user's company and target other contacts found in the compromised mailbox.
Later, another incident occurred.
The attackers were also able to view a thread between the user and their MSP from years earlier, when the MSP was first trying to sell the user its managed services. The MSP's spam filter later caught a suspicious email headed to an IT person at the company, posing as the MSP's president. Most likely the scammers, through thorough research, had also found email messages from engineers who worked at the MSP. The body of the email referenced the message the MSP had sent to the owner of the compromised account about a year earlier, when it was first pitching IT services to the client. At the bottom of the email it stated, "approve this, and follow this link to pay." Because the scammer posed as the president of an MSP, the recipient was more likely to believe the sales email was legitimate and came from a trusted provider. The link most likely led to a malicious site asking for payment details.
Here are a few things you need to know about this new scam:
- The group behind it has been using information from past breaches and sending emails with password-protected zip attachments.
- It is a targeted, automated attack, and there have been many of them recently. The concept is not new, but the threat has grown.
- Email filtering systems cannot scan inside a password-protected file, which is how these phishing attacks can slip past them. The fact that an archive is password-protected is still visible to the filter, and can itself be treated as a warning sign.
- To evade detection, the payment amounts and links are frequently varied and obfuscated, so each message can look entirely new to the person viewing it.
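The two traits described above (a reply that revives a long-dead thread, and a password-protected zip or payment link the filter cannot look inside) can be scored mechanically. The following Python is an added example written for this page, not code from Infiniwiz or the Phishing Defense Center. It uses only the standard library; the thread index, the two sample messages, the 180-day dormancy threshold, the payment keyword list and the lookalike domain msp-example.com are all constructed for illustration. The zip check reads the encryption bit in the archive's general-purpose flag field, which is in the clear even when the contents are not.

```python
"""Triage heuristics for 'zombie' replies: a message that revives a thread
dormant for months and carries a password-protected zip or a payment link.
Added example, not code from Infiniwiz or the Phishing Defense Center.  The
thread index, sample messages, threshold and keyword list are constructed."""
import io
import re
import struct
import zipfile
import zlib
from datetime import datetime, timedelta, timezone
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ZIP_LOCAL_SIG = b"PK\x03\x04"
ZIP_FLAG_ENCRYPTED = 0x0001          # general-purpose bit 0: member is encrypted
DORMANT_AFTER = timedelta(days=180)  # assumed: a reply after this is suspicious
PAY_WORDS = re.compile(r"\b(approve|pay|payment|invoice|wire)\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)


def zip_is_encrypted(data: bytes) -> bool:
    """True if any member of the archive has the encryption flag set.  A filter
    cannot decrypt the member, but the flag itself sits in the clear."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(i.flag_bits & ZIP_FLAG_ENCRYPTED for i in zf.infolist())
    except zipfile.BadZipFile:
        return False  # malformed archive: not "encrypted", deserves its own alert


def build_stored_zip(name: bytes, payload: bytes, encrypted: bool) -> bytes:
    """Hand-build a one-member STORED zip so the encryption flag can be set
    (zipfile cannot write encrypted archives).  Only the flag is set; the
    payload stays in the clear, which is all a scanner could tell anyway."""
    flags = ZIP_FLAG_ENCRYPTED if encrypted else 0
    crc, size = zlib.crc32(payload) & 0xFFFFFFFF, len(payload)
    local = struct.pack("<4sHHHHHIIIHH", ZIP_LOCAL_SIG, 20, flags, 0, 0, 0,
                        crc, size, size, len(name), 0) + name + payload
    central = struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20, flags,
                          0, 0, 0, crc, size, size, len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, 1, 1,
                       len(central), len(local), 0)
    return local + central + eocd


def zip_member(data: bytes, name: str) -> bytes:
    """Read one member; only works on an unencrypted archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


def score_reply(raw: bytes, thread_index: dict, now: datetime) -> list:
    """Return the reasons a reply looks like a zombie-phishing attempt.
    thread_index maps a Message-ID already in the mailbox to
    {"date": datetime, "parties": {addresses seen on that thread}}."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    parent = thread_index.get(str(msg.get("In-Reply-To", "")).strip())
    if parent:
        idle = now - parent["date"]
        if idle > DORMANT_AFTER:
            reasons.append(f"revives a thread idle for {idle.days} days")
        if sender not in parent["parties"]:  # lookalike address posing as a party
            reasons.append(f"{sender} never took part in that thread")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data.startswith(ZIP_LOCAL_SIG) and zip_is_encrypted(data):
            reasons.append(f"password-protected zip: {part.get_filename()}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if PAY_WORDS.search(text) and URL_RE.search(text):
        reasons.append("payment language next to a link")
    return reasons


def make_reply(sender, to, in_reply_to, subject, body, zip_attachment=None):
    """Build a sample message (constructed, not captured mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"], m["In-Reply-To"] = sender, to, subject, in_reply_to
    m.set_content(body)
    if zip_attachment:
        name, data = zip_attachment
        m.add_attachment(data, maintype="application", subtype="zip", filename=name)
    return m.as_bytes()


NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)
PARTIES = {"engineer@msp.example", "user@client.example"}
THREADS = {  # constructed index: an old sales thread and a current one
    "<sales-2021@msp.example>": {"date": NOW - timedelta(days=730), "parties": PARTIES},
    "<renewal-2023@msp.example>": {"date": NOW - timedelta(days=3), "parties": PARTIES},
}
PDF_STUB = b"%PDF-1.4 stub"
ZOMBIE = make_reply(  # lookalike domain, dead thread, encrypted zip, payment link
    "President <president@msp-example.com>", "it@client.example",
    "<sales-2021@msp.example>", "RE: Managed IT services proposal",
    "Approve this, and follow this link to pay: https://pay.example/inv",
    ("invoice.zip", build_stored_zip(b"invoice.pdf", PDF_STUB, encrypted=True)))
LEGIT = make_reply(
    "engineer@msp.example", "user@client.example", "<renewal-2023@msp.example>",
    "RE: 2023 renewal", "Thanks, the signed SOW is attached.",
    ("sow.zip", build_stored_zip(b"sow.pdf", PDF_STUB, encrypted=False)))

if __name__ == "__main__":
    for label, raw in (("zombie", ZOMBIE), ("legit", LEGIT)):
        print(label, score_reply(raw, THREADS, NOW))
```

Run as a script it prints four reasons for the constructed zombie reply and none for the legitimate one. In a real filter the thread index would be built from the mailbox or mail gateway logs, and a malformed archive (where `zip_is_encrypted` returns False) should raise its own alert rather than pass silently.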
What do you need to do to avoid these attacks?
- Make sure your company uses two-factor authentication, which requires a second proof of identity in addition to the password before an account can be accessed, so a stolen password alone is not enough to take over a mailbox. Prefer a hardware security key or another phishing-resistant method over SMS codes.
- Spam filtering is crucial; it is what allowed the IT firm to detect the con artist's attempted phishing attack.
- Question every payment request you receive through email and confirm it by phone, using a number you already have on file rather than one given in the message. Make this verification step part of your company's policy.
- Do not open zip attachments you were not expecting, and be especially wary of password-protected ones, since your mail filter cannot inspect them. When unsure, forward the message to your IT company.
Overall, pay attention to the emails you receive, including details such as the sender's address and the message formatting. To learn more about how to detect phishing emails.
The Infiniwiz technical team in the Chicagoland area takes a proactive approach to your cybersecurity. We set up the right IT protocols and help you put in place the employee procedures that will keep your data and network safe from online hackers. However, make sure to do your part in staying alert.