Holiday, fishing, and phishing

Mid-summer is near and so is summer vacation, especially for Finns. Time to travel to the summer cottage to relax and to spend time fishing. Lakes occupy roughly 25% of Finland, which is why Finland is also known as Lakeland. Lakeland has 187888 lakes, if we define a lake as a body of standing water larger than 500 square meters. A lot of lakes, with plenty of fish.

Unfortunately, as we have seen during past summers, vacation time also lures malicious actors to phishing waters. I know we all know this. Yet, every summer several employees of several companies get victimized. Therefore, it is vital to remind employees of the danger, as awareness is the key to avoiding a successful attack caused by human error.

It is a bit late to check whether everything that can be done has been done, but for the future here’s my shortlist, especially for companies using O365, of what should at least be done to decrease the odds of employees getting victimized:

– Identity protection using multifactor authentication and conditional access is in place

– SPF, DKIM, and DMARC configured

– O365 ATP malware, spam, and phishing detection and blocking capabilities enabled

– Domain and key users of the company protected against impersonation attacks

– Monitoring of alerts and incidents is done using up-to-date playbooks

– Make sure every employee is aware of the increased probability of targeted phishing attacks during vacation time and every employee knows what to do with suspicious emails.
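To make the "SPF, DKIM, and DMARC configured" item concrete, here is an added example (my own code, not from the original post) that lints SPF and DMARC record strings for the weak settings that leave a domain spoofable: a permissive or missing `all` mechanism, more than the ten DNS-lookup mechanisms SPF allows, a monitor-only DMARC policy, partial enforcement, or no reporting address. The records are constructed samples; `spf.protection.outlook.com` is the include Microsoft documents for Exchange Online, and DKIM is not covered because it needs a per-selector DNS lookup.

```python
import re

def lint_spf(record: str) -> list[str]:
    """Return findings for an SPF TXT record; an empty list means it looks sound."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings = []
    # Mechanisms that trigger DNS lookups; RFC 7208 caps them at 10 per check.
    lookups = sum(1 for t in terms[1:]
                  if re.match(r"^[+\-~?]?(include:|a\b|mx\b|ptr|exists:|redirect=)", t, re.I))
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms exceed the limit of 10 (permerror)")
    alls = [t for t in terms[1:] if re.fullmatch(r"[+\-~?]?all", t, re.I)]
    if not alls:
        findings.append("no 'all' mechanism: unlisted senders are not failed")
    else:
        # A bare "all" is equivalent to "+all"; "+" and "?" do not fail unlisted hosts.
        qualifier = alls[-1][0] if alls[-1][0] in "+-~?" else "+"
        if qualifier in "+?":
            findings.append(f"'{alls[-1]}' lets any host send as the domain")
    return findings

def lint_dmarc(record: str) -> list[str]:
    """Return findings for a _dmarc TXT record; an empty list means it looks sound."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record: must start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or '<missing>'}: spoofed mail is delivered unchanged")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applied only to a sample of messages")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to monitor")
    return findings

if __name__ == "__main__":
    # Constructed sample records: a sound pair and a weak pair.
    for rec in ("v=spf1 include:spf.protection.outlook.com -all",
                "v=spf1 include:spf.protection.outlook.com +all",
                "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=none; pct=50"):
        linter = lint_dmarc if rec.startswith("v=DMARC1") else lint_spf
        print(rec, "->", linter(rec) or "OK")
```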

It is never too late to check your company’s actual cyber security posture and make the small adjustments needed. If nothing else can be done, at least make sure the last item on my checklist is done.

For your convenience, below is a short message (in English and in Finnish) you may use as a template to increase awareness of phishing attacks within your company.

Template in English:

“The holiday season is attracting malicious actors and criminals to create and send phishing messages, especially to those parts of organizations that handle corporate payment processes. According to the Finnish police, since the autumn of 2018, companies in Finland have lost millions of euros as victims of phishing crimes. In some criminal cases, banks were able to stop remittances before the money fell into the hands of criminals, but not always. [local information for your country is the best example here]

In phishing messages, the attacker attempts to deceive the victim, with the goal of obtaining the victim’s username and password. This is done typically via email, with a deceptively genuine-looking link or call to action to go to a website managed by the attacker. This site has a login window that allows the attacker to obtain the victim’s username and password.

If you notice strange emails or phone calls, we encourage each of our employees to do the following [the company’s own instructions here].”

Template in Finnish:

“Lomakausi houkuttelee vihamielisiä osapuolia luomaan ja lähettämään kalasteluviestejä eritoten niihin organisaatioiden osiin, jotka käsittelevät yritysten maksuprosesseja. Poliisin mukaan 2018 syksyn jälkeen suomalaiset yritykset ovat menettäneet kalastelurikosten uhreina miljoonia euroja. Osissa rikostapauksia pankit ovat saaneet pysäytettyä rahansiirrot ennen kuin rahat ovat päätyneet rikollisten käsiin, mutta eivät aina.

Kalasteluviesteissä hyökkääjä pyrkii hämäämään uhriaan, tavoitteena saada haltuunsa uhrin käyttäjätunnus ja salasana tyypillisesti sähköpostin välityksellä, jossa on hämäävästi aidon näköinen linkki tai toimintakehotus siirtyä hyökkääjän hallinnoimalle www-sivustolle. Tällä sivustolla on kirjautumisikkuna, jonka seurauksena hyökkääjä voi saada haltuunsa uhrin käyttäjätunnuksen ja salasanan.

Mikäli havaitsette outoja sähköpostiviestejä tai puheluja, kehotamme jokaista työntekijäämme toimimaan seuraavasti [yrityksen oma ohje tähän].”

Senior Consultant, ICT & Cyber Security. Marko has been working in the field of IT in several national and international companies for over 20 years in several roles. Currently he is also a researcher at Tampere University, Social Sciences, writing his doctoral dissertation on cybercrime and cybercrime victimization from a social psychological viewpoint. Marko has worked for over 20 years in various expert and consulting roles, has been responsible for service business, and has worked as a trainer. Email: