Phishing, What Is It All About? (Part 2)

It is well known that the number of phishing attacks continues to increase. Just like the fact that Germany is one of the countries most affected. The first part of “Phishing, What Is It All About?” covered e-mail phishing, baiting and search engine phishing and explained how to protect yourself from these types of phishing. In this part, CEO Fraud, Corporate Phishing and Angler are presented.

Phishing, What Is It All About? (Part 2)

CEO Fraud

Also known as Business Email Compromise (BEC), this is when email addresses of key people within a company, such as the CEO, have been captured. The attacker sends emails to employees pretending that an amount of money is to be transferred. Often the situation is presented as very seriously so that the employee is urged to care and has less chance to think about it and directly carries out the activity. It is important here to not confuse “CEO Fraud” with “Corporate Phishing”, because in “CEO Fraud” real existing email addresses are used and the motivation of the attacker is in most cases purely financial.

How can you ensure not to be tricked by something like this when the real email addresses of your superiors are used?

  1. You should first ask yourself whether the situation presented is a realistic one for your company. Then you should consider whether the requested amount seems suspicious. If you wonder to whom the money is to be transferred, perhaps this is also suspicious.
  2. The attacker might not be 100% familiar with your company’s internal regulations, so it may be that the email of a superior is used, with whom you do not actually come into contact. If this is the case, you should contact your own supervisor.
  3. If the email is supposed to be from your own supervisor, you can also recognize a phishing attack by the wording. Are words used that the person doesn’t actually use? Is the wording of the request different to other instances?

Above all, it is important not to get stressed and rather question the legitimacy for some time and inform other supervisors instead of going straight into it and make a mistake.

Corporate Phishing

Unlike CEO Fraud, the email addresses are totally made up but should be similar enough to the real addresses that you can’t tell the difference. This type of phishing is very similar to common email phishing with the biggest difference being that the attackers make great effort to let the mailing appear pretty real. This means that the content of the emails is supposed to come across as legitimate as possible, including the company’s logo and the request to interact with the link. This link then leads to a website that appears similar to the real company website. Here, you are requested to login with valid credentials or perhaps enter banking details. With this type of phishing, the motivation is rarely just financial. Regularly, malware is downloaded in the background or the credentials are collected for later use for example in an Account Takeover Attack.

  1. To avoid falling for this kind of phishing attack, you can start by asking yourself the same questions you would ask in an email phishing attack: Are the sender’s name and address spelled correctly? Are there any differences from the sender addresses used in other emails? Is the content logical and correct?
  2. Before following a link, take a look at the address behind the link. Is there anything conspicuous? Has the name been misspelled or is the ending different, e.g. .com is used instead of .de?
  3. If you still land on the suspicious website, you can check if something noticeable has been changed. Perhaps the background color is different or the font used is inconsistent.

Angler

The target audience of this attack are dissatisfied customers. When someone leaves a bad review, the attacker will impersonate a customer support agent and pretend to assist with the problem. In doing so, they will try to find out more information about the customer to use it later on. The most affected institutions are in the finance sector, so the motivation of the attack here seems financial.

To avoid such a phishing attack, you should pay attention to the following:

  1. How recent is your complaint or rating? Has the problem already been solved or has one already been approached about it?
  2. On which way are you being contacted? Perhaps something is already phishy e.g. the e-mail address itself or the wording used. Was everything spelled and formulated correctly?
  3. Is there a connection between the information you are asked for and what you have complained about earlier? Is the way of communication safe to share sensitive data?
A three-part overview of CEO-Fraud, Corporate Phishing and Angler. CEO-Fraud is when the attacker pretends to be a supirior of a company and instructs the employees to make a transfer. The motive of the attacker is thus mainly financial. This type of phishing is also called 'Business Email Compromise' because real email addresses are being used. If an attacker pretends to be a company, using fake email addresses and websites, then it is corporate phishing. Here an attempt is made to ask you to follow a link, so that you enter your data. Malware is often downloaded when the link is opened. An Angler Phishing attack has dissatisfied customers as the target group. The attacker poses as customer support to get a hold of your data.The financial sector is the most affected.
Figure: Summary on CEO-Fraud, Corporate Phishing and Angler.

Reading Time:
4 min
Published:
:
Aura Pop & Rene Neff

Contact an Expert

Do you have any further questions or need specific help? Write us a message or arrange a meeting directly.

Show more

  1. Verify Login Credentials to Protect against Credential-Stuffing Attacks

    Verify Login Credentials to Protect against Credential-Stuffing Attacks

    Users to Verify Their Login Credentials to Protect against Credential-Stuffing Attacks Checking credentials against leaked login information is an important safeguard to protect against credential stuffing attacks, as it helps prevent the use of stolen credentials. When users check their credentials on a platform that matches whether the data has been leaked in the past, they can determine whether their credentials may have already fallen into the hands of attackers. If so, they should change their password as soon as possible and, if necessary, consider other security measures such as enabling two-factor authentication.

    Reading Time:
    8 min
    Published:
    :
    Rene Neff
  2. Risks to Users and Operators of Online Platforms from Credential-Stuffing Attacks

    Risks to Users and Operators of Online Platforms from Credential-Stuffing Attacks

    Risks to Users of Online Platforms from Credential-Stuffing Attacks Credential stuffing attacks pose a high risk for users of online platforms. Criminals’ access to online accounts can lead to financial damage, for example when purchasing goods with stolen credit cards or by exploiting access data to paid offers. Credential-stuffing attacks also pose a risk of identity theft, as attackers may have access to personal information and documents when they access an account.

    Reading Time:
    4 min
    Published:
    :
    Rene Neff

Get to the blog