Another new year, another new hack on the rise. Within the last month, we have received a highly sophisticated new form of phishing attack four times. The attack disguises itself as a seemingly valid email from one of your contacts, or at least from a contact at a valid email domain. The email headers show that it comes from the sender's actual domain rather than a suspicious one, and the email passes all the standard security authentication methods such as SPF, DKIM, and DMARC.

What has happened is that the sender's email account has been compromised, and the hackers use that account to send malicious emails disguised as something you might normally receive from that sender. In two examples, the emails appeared to be RFPs (Requests for Proposal) from valid contacts who would very likely send such emails. The emails also copy the exact format (signature, style) used by the contact.

This is where the hackers take it up a notch: if you simply reply to the email to confirm that the email is actually legit, you will receive an answer to let you know that it is! Hackers have full control of the email address and are monitoring the responses to ensure that their hack is most effective. In some cases, the hackers have even modified the phone number in the sender’s signature, so that if you call that number to confirm, the malicious party will respond on their behalf. A bit more of a reach here but still crazy.

How to Protect Yourself

  1. Protect yourself using an antivirus application on your computer such as Avast, Bitdefender, or AVG.
  2. Contact the sender via another trusted mechanism. Call them using the number you have on file for them or via another trusted channel such as a different email address or an online chat mechanism. A call is likely best as you can more easily authenticate the sender’s voice that way.
  3. When in Doubt, Don’t Click.
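
A way to support step 2 against the altered-signature trick described above, as an added example that is not part of the original post: it compares the phone numbers found in a message with the numbers you already have on file for that sender, and shows that a message can pass SPF, DKIM, and DMARC while still carrying a number you have never verified. The address book, sample message, and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: numbers already on file per sender (assumption).
ON_FILE = {"jane.doe@example.com": {"+15550100123"}}

# Constructed sample: authentication passes, but the signature number differs.
SAMPLE = """\
From: Jane Doe <jane.doe@example.com>
To: you@example.org
Subject: RFP for upcoming project
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain

Please review the attached RFP and reply today.

Jane Doe
Office: (555) 010-0999
"""

PHONE_RE = re.compile(r"\+?\d[\d ().-]{7,}\d")

def normalize(number, default_cc="1"):
    """Reduce a number to +<digits>; 10-digit numbers get an assumed country code."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 10:
        digits = default_cc + digits
    return "+" + digits

def check_signature(raw, on_file=ON_FILE):
    """Report phone numbers in the message that are not on file for the sender."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    auth = msg.get("Authentication-Results", "").lower()
    # text/plain parts only; transfer encodings are not decoded in this sketch.
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    found = {normalize(n) for n in PHONE_RE.findall(body)}
    known = on_file.get(sender, set())
    return {
        "sender": sender,
        "auth_pass": all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc")),
        "unverified_numbers": sorted(found - known),  # do not call these
        "call_back_on": sorted(known),                # call these instead
    }

if __name__ == "__main__":
    print(check_signature(SAMPLE))
```

Any entry under `unverified_numbers` is a reason to call the number under `call_back_on` rather than the one in the email.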

It is important to stay vigilant to prevent the spread of these sophisticated attacks. Furthermore, we invite you to not simply delete and ignore the emails. Contact the sender (or someone at their organization) to let them know so that they can take action and prevent these types of attacks from spreading any further. The sooner the better.

Phishing Attempts from Known Contacts on the Rise