Quorum Cyber have received and remediated a number of attempted phishing attacks into our Big Red Button service within the last 24 hours. All of the emails have contained similarities suggesting a new campaign or at least a newer breed of attack is now being attempted.

For those who have not heard of it before, our ‘Big Red Button’ service provides complete coverage against phishing. We analyse potentially malicious emails, detect attacks and shut down malicious campaigns against our customers.

The attacks of the last 24 hours, like many other phishing attempts, asked the user to click a link; however, in these instances the user was explicitly told that the link was to a JavaScript file. This file would then have to be run, or saved and opened, for the payload to execute. This is a change from more conventional phishing attempts, in which the attack is disguised and runs in the background, hidden from the user. Each of these attacks tells the user that code will be run, in an attempt to alleviate concern and suspicion when they are asked to run a JS page rather than open a PDF or Word document.

All of these emails also stated that they were ‘invoices’ for services, which can cause users to worry that they may have been a target of fraud, aiding the phishing attempt's effectiveness.

Furthermore, at least two of the phishing attempts, which shared no links, are part of the same campaign. This is obvious from the wording and from the presence of the same Unicode character, ‘Â’, which had no reason to exist in that context (it is likely that this is an automated campaign and an error occurred when converting text to HTML).
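The traits described above (invoice wording, a link to a JavaScript file, and a stray ‘Â’) can be checked mechanically when triaging reported emails. The following is an added example, not Quorum Cyber's own tooling; the function names, the escalation rule, the treatment of ‘Â’ before whitespace as conversion debris, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumption: 'Â' directly before whitespace (or end of text) is conversion
# debris; in a real word it is followed by a letter.
STRAY_A_RE = re.compile("\u00c2(?=\\s|$)")

def indicators(raw):
    """Return the set of campaign traits found in one raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    bodies = [p.get_content() for p in msg.walk()
              if p.get_content_maintype() == "text"]
    text = "\n".join([str(msg.get("Subject", ""))] + bodies)
    found = set()
    if re.search(r"\binvoice\b", text, re.I):
        found.add("invoice_theme")
    if STRAY_A_RE.search(text):
        found.add("stray_A_circumflex")
    # Compare the URL path only, so a query string cannot hide the extension.
    if any(urlparse(u).path.lower().endswith(".js") for u in URL_RE.findall(text)):
        found.add("link_to_js_file")
    return found

def needs_review(raw):
    """Escalate when a .js link is combined with at least one other trait."""
    found = indicators(raw)
    return "link_to_js_file" in found and len(found) >= 2

def build(subject, html):
    """Assemble a constructed UTF-8 HTML message for the samples below."""
    head = ("From: billing@example.test\r\nTo: user@example.test\r\n"
            f"Subject: {subject}\r\nMIME-Version: 1.0\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "Content-Transfer-Encoding: 8bit\r\n\r\n")
    return (head + html + "\r\n").encode("utf-8")

# Constructed samples, not real campaign emails.
SUSPECT = build("Invoice 0000", "<p>Payment is overdue.\u00c2 Please run the "
                "JavaScript file: <a href=\"http://files.example.test/"
                "invoice_0000.js?id=1\">open</a></p>")
BENIGN = build("Invoice for March", "<p>Your statement: <a href=\""
               "https://portal.example.test/invoices/march.pdf\">view</a></p>")

if __name__ == "__main__":
    for name, raw in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, sorted(indicators(raw)), needs_review(raw))
```

Any one trait is weak on its own (legitimate invoices exist, and so do legitimate links to .js files), which is why the sketch only escalates on a combination.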

Most phishing attempts contain three things:

Trust/intrigue - Stating it was an invoice intrigues the user.

Urgency - The user worries they may be a victim of fraud and is therefore careless in their haste to find a solution.

Request - The user is asked to click a link.

If you receive this kind of email:

  • please do not click any links if you are not certain of their origin;
  • alert co-workers and other members of staff to minimise the spread of the campaign;
  • if you have clicked the link, alert a member of the IT staff for further assistance. It’s always better to be open about the potential threat and therefore part of the solution.

If you’re worried about phishing attacks within your company, we would be more than happy to talk you through your Cyber Security options.