How to Detect and Prevent Secure Document Phishing Attacks
Secure document phishing attacks are some of the latest in client endpoint exploits that have been plaguing the computing world. While these phishing attempts may fool the uninformed, by reading this article you will be better able to detect and prevent secure document phishing from effecting your Information Security environment.
What is a Secure Document Phishing Attack?
A Secure Document Phishing Attack occurs when cybercriminals send either a fake PDF or DocuSign document to a user on your network, often using a fake (or spoofed) email address to make the recipient trust that it is from someone that they know. The email will normally request that the user clicks on a link to "receive a secure document." This opens up a web page asking for credentials or other personal information, to click on a secure DocuSign document link that will instead download malware, or to click a link on a word document that contains macros that can download malware.
See Infosec IQ in action
Technically speaking, Secure Document Phishing Attacks are a form of what is called Spear Phishing. Spear Phishing is the most specific type of phishing attack because it specifically targets a user or organization by using information that the potential victim would be familiar with, thus establishing trust. This type of phishing attack is one of the most successful types in existence today.
Real Life Example
Let's say that your organization periodically sends out emails to all employees. You receive an email that looks like it may be from someone in your organization but it seems, well, phishy. The email that you receive looks like the following:
This is a prime example of a Secure document phishing email. Confirm with the sender if it is legitimate as the first step but do not expect to do anything but delete the email.
How to Detect Secure Document Phishing Attacks
There are many ways to detect whether the email you received is a Secure Document Phishing Attack. Before we explore these ways, what must be kept in mind is that the cybercriminals that are sending these emails have at least some corroborative information about the potential victim. This information can include names of other people in their organization, the email addresses of others in the organization, and potentially other personal information (such as banking and financial). For that reason, it can take a little bit of analysis of the email to detect whether it is truly a Secure Document Phishing Attack.
First, Secure Document Phishing emails will often contain links to other sites that include the legitimate name of the organization that the victim works for as part of the subdomain of another URL. For example, if you work at Acme, and the link is something like "acme.otherwebsite.com," you know that this is probably a Secure Document Phishing Attack. You can easily determine if this is the case by simply hovering your cursor over the link briefly until it displays the link's URL.
Second, do not take the email's display name at face value. Cybercriminals frequently use the proper display name of someone or an organization that you may interact with, but these display names do not match up to the email address that it is connected to. For example, let's say you received an email from an organization that you know called Acme. This email may say something like "From: Acme accounts@security.com." When you see this, you will know that the email is actually not from Acme and that it is indicative of a phishing attack.
How to Prevent Secure Document Phishing Attacks
Cybercriminals can get around email spam filters with unique, directed Secure Document Phishing Attacks. This puts the onus on the end user because, in all honesty, it is the user that is the one responsible for actually clicking on phishing click-bait. Therefore, organizations must focus on their users and educate their users with the knowledge required not to fall victim to these attacks.
The best way to educate an organization's employees about secure document phishing attacks is to implement an email phishing attack awareness campaign. On a regular basis, organizations should address their employees about recent high-profile phishing cases (from the news for example) and provide tips about what to look for when determining if an email is actually a phishing attack. Learning is best performed by the act of doing and determining if an email is a phishing attempt is no exception. The awareness campaign should incorporate quiz questions to see if an organization's employees are up to speed with how to determine if an email is a secure document phishing attack.
Some tips that organizations interested in organizing a phishing attack awareness campaign are:
- If an email seems suspect or there is any doubt whatsoever regarding the authenticity of the email, contact the sender. If the email is authentic, the sender will probably not have an issue with confirming its authenticity for you.
- If the email is from a sender that you have communicated with, analyze the pattern of the communication. If the pattern appears different from how the sender normally communicates with you then heed caution and report the email to your system administrator or IT department.
- Pay close attention to the spelling of the words used in the email subject and body. Often secure document phishing attack emails will include at least a word or two that are spelled differently, capitalized inappropriately, or include excess spaces between words. Secure Document Phishing emails often contain at least one instance of the errors listed above.
References
https://blog.returnpath.com/10-tips-on-how-to-identify-a-phishing-or-spoofing-email-v2/
https://blog.knowbe4.com/scam-of-the-week-secure-document-phishing-attacks-trap-employees
https://www.incapsula.com/web-application-security/phishing-attack-scam.html
https://blog.lumen21.com/2016/06/08/secure-document-phishing-attacks/
See Infosec IQ in action
http://hyphenet.com/docusign-phishing-emails-loaded-with-data-stealing-trojan/
In this Series
- How to Detect and Prevent Secure Document Phishing Attacks
- Keeping your inbox safe: How to prevent business email compromise
- The best 9 phishing simulators for employee security awareness training (2023)
- How to set up a phishing attack with the Social-Engineer Toolkit
- Extortion: How attackers double down on threats
- How Zoom is being exploited for phishing attacks
- 11 phishing email subject lines your employees need to recognize [Updated 2022]
- Consent phishing: How attackers abuse OAuth 2.0 permissions to dupe users
- The state of BEC in 2021 (and beyond)
- Why employees keep falling for phishing (and the science to help them)
- Phishing attacks doubled last year, according to Anti-Phishing Working Group
- The Phish Scale: How NIST is quantifying employee phishing risk
- 6 most sophisticated phishing attacks of 2020
- JavaScript obfuscator: Overview and technical overview
- Malicious Excel attachments bypass security controls using .NET library
- Phishing with Google Forms, Firebase and Docs: Detection and prevention
- Phishing domain lawsuits and the Computer Fraud and Abuse Act
- Phishing: Reputational damages
- Spearphishing meets vishing: New multi-step attack targets corporate VPNs
- Phishing attack timeline: 21 hours from target to detection
- Overview of phishing techniques: Brand impersonation
- BEC attacks: A business risk your insurance company is unlikely to cover
- Cybercrime at scale: Dissecting a dark web phishing kit
- Lockphish phishing attack: Capturing android PINs & iPhone passcodes over https
- 4 types of phishing domains you should blacklist right now
- Email attack trend predictions for 2020
- 4 tips for phishing field employees [Updated 2020]
- How to scan email headers for phishing and malicious content
- Should you phish-test your remote workforce?
- Overview of phishing techniques: Fake invoice/bills
- Phishing simulations in 5 easy steps — Free phishing training kit
- Overview of phishing techniques: Urgent/limited supplies
- Overview of phishing techniques: Compromised account
- Phishing techniques: Contest winner scam
- Phishing techniques: Expired password/account
- Overview of Phishing Techniques: Fake Websites
- Overview of phishing techniques: Order/delivery notifications
- Phishing technique: Message from a friend/relative
- [Updated] Top 9 coronavirus phishing scams making the rounds
- Phishing technique: Message from the boss
- Cyber Work podcast: Email attack trend predictions for 2020
- Phishing techniques: Clone phishing
- Phishing attachment hides malicious macros from security tools
- Phishing techniques: Asking for sensitive information via email
- PayPal credential phishing with an even bigger hook
- Your 2020 tax scam training guide
- Abusing email rules
- 8 phishing simulation tips to promote more secure behavior
- Top types of Business Email Compromise [BEC]
- Be aware of these 20 new phishing techniques
- Phishing in academic environments
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
