Welcome to Risk Management Plus+ Online

A Service of Travelers Bond & Specialty Insurance

print   email   Share

The Evolution Of Phishing: How It Is Hooking The Unwary By Targeting Our Desire For Information

Cybersecurity experts recently discovered a targeted phishing email campaign that spreads malware by promising "Game of Thrones" spoilers.

The phishing email's subject line read: "Wanna see the Game of Thrones in advance?" The email, which contained general information about upcoming episodes, also included a Microsoft Word attachment that claimed to be a "Game of Thrones" preview. In reality, the attachment contained malware. If an unsuspecting user downloaded the attachment, it would attempt to install a "9002" remote access Trojan (RAT).

Cybersecurity experts say the Chinese government could be behind this malware attack.

HBO experienced a data breach in July in which hackers stole 1.5 terabytes of data, including unaired episodes. Experts do not know if these two attacks are related, but they do believe hackers are trying to capitalize on the HBO data theft to make victims think that the attachment contains the stolen unaired footage. Andrew Liptak "Hackers are using the promise of Game of Thrones spoilers to spread malware," www.theverge.com (Aug. 26, 2017).


Commentary

Gone are the days when phishing emails were easily identifiable by absurd requests for money or numerous grammatical errors. Now, cybercriminals will often send emails claiming to be from a legitimate agency, such as a financial institution or government agency. They will even include the organization’s logo in the email.

In this instance, cybercriminals were taking advantage of a popular HBO series and the curiosity of email recipients, which led to the spread of more malware, most likely from a foreign government actor.

Although malware distributors are becoming more sophisticated, the best practices for avoiding malware through phishing remain tried and true. The first rule to avoid malware is to never select links or open attachments from unsolicited or suspicious emails.

If you are in doubt, open a new email and write the source, selecting an address you know is good for the source, and ask them about the email. If you want to avoid cyber communication altogether, call them.

Do not reply to the suspected email. If it is a scam, you are making the criminal aware that your email is valid, and the criminal will answer affirmatively. Do an Internet search describing the email and see if it is reported as a scam.

If you are still in doubt, don’t select the link or the attachment. Always select caution over the need for information.

Overall, you should establish a heightened sense of suspicion about email, especially spam. The Anti-Phishing Working Group advises individuals to be suspicious of any email with urgent demands for personal financial information or upsetting or exciting statements designed to get you to react immediately.

Finally, your opinion is important to us. Please complete the opinion survey:

News & Information

Malware Piggybacking On Popular Software And Apps: How Can Employers Increase Awareness

The recent CCleaner malware proves that even legitimate software poses a significant cyber risk. Learn more about this risk and keeping up on emerging risks.

Read More

How Negligent Supervision Can Lead To Massive Fraud And Crippling Litigation

An employee of a lottery programming company commits fraud. Learn how the employer's failure to oversee the employee could lead to class action lawsuits.

Read More

Bluetooth Malware Discovered: 5.3 Billion Devices At Risk

BlueBorne, a new strain of malware, spreads quickly and easily by exploiting Bluetooth technology. Learn more about Bluetooth, its vulnerabilities, and how you can stay safe.

Read More

Is Cybersecurity Fatigue The Cause Of So Many Hacks?

A recent survey finds many users create weak passwords out of convenience because of password fatigue. We examine.

Read More