One of the country’s leading cyber-security experts, based at Bath’s Computer Network Defence (CND), is warning about the latest threat posed by hackers – spearphishing.
Andy Cuff, managing director of Computer Network Defence (CND), reported the issue after one of his own staff was used by a criminal in an attempted scam.
Spearphishers are so-called because they spend a little time researching specific individuals on social media rather than sending out hundreds of thousands of hopeful scam emails of which a small number will be caught in their net.
They appear to use financial information from Companies House to identify high net worth individuals, then scour social media for friends of the person, whom they then impersonate.
Using a ‘friend’s’ email address they send a message to the target with a link that, if clicked on, will infect the system, allowing the hacker to steal funds or intelligence, or to install ransomware.
They tend to target newer businesses that have done well as they assume they won’t have the toughest security measures in place.
The highly targeted approach is a step up from standard ‘phishing’ emails and is extremely effective.
Andy, who is based in Bath, said: “It really is a more sophisticated way of attacking people as it is highly targeted.
“A variation of spearphishing is known as ‘whaling’ where the attackers seek to dupe company executives into parting with money.
“The spearphishing emails when received look totally legitimate and as if they are from a friend so there is apparently no reason why you shouldn’t trust it and click on any links.
“Recently a friend of one of our senior staff called him to ask him why he had sent him an invoice; he was perplexed because it hadn’t come from him.
“Being a cyber-security company we asked that the email be forwarded to us for analysis.
“The sender had changed his name to the email address of our employee and used the full name of the target.
“The link within the email led to a document containing a macro virus. We ran the link through a reputation checker and a number of other organisations had looked at the same link that day.
“This suggested that it was a new link that had been used several times and was identified as suspicious.
“At first it looked like a standard phishing email, but there were a few interesting elements which made it a spearphishing attack.
“There is no business relationship between our employee and the target and yet the email address was sent using our business address. Their only link is on Facebook.
“The target’s new business had been extremely successful with an annual increase in profit of 500%, as would have been deduced from its figures on Companies House.
“If a victim has their email account compromised the attacker will usually send emails to every contact he can find. But as that didn’t happen in this case it implied the email was crafted to the individual.
“We would surmise that the attacker had identified the target as a recent high net worth individual with a fairly new company and no website, suggesting that he had minimal security and a limited IT knowledge.
“Some social media investigation identified a relationship between these individuals, and their unusual names, coupled with their internet presence, enabled business-to-business email addresses to be identified.
“It’s worth double checking any emails received and looking at the email addresses carefully.
“Another clue was that the English in the email was impeccable, but clearly written by someone for whom it was not their first language.
“People should update their operating systems and antivirus software and yes, even Apple computers should have antivirus software.”
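The trick described in the analysis above, where the sender's display name was set to a trusted person's email address, can be checked automatically. The following is an added example, not code from CND or the article; the function name, sample messages and `.example` domains are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Loose pattern for spotting an address embedded in a display name.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def display_name_mismatch(raw_message):
    """Return (claimed, actual) when the From display name contains an
    email address different from the real sender address, else None."""
    msg = message_from_string(raw_message)
    display, actual = parseaddr(msg.get("From", ""))
    actual = actual.lower()
    for claimed in ADDRESS_RE.findall(display):
        if claimed.lower() != actual:
            return claimed.lower(), actual
    return None

# Constructed sample messages (all names and domains are made up).
SPOOFED = (
    'From: "j.smith@trusted-firm.example" <acct4471@bulk-relay.example>\n'
    "To: target@new-business.example\n"
    "Subject: Invoice\n\n"
    "Please see the invoice at the link below.\n"
)
PLAIN_NAME = (
    'From: "J Smith" <j.smith@trusted-firm.example>\n'
    "To: target@new-business.example\n"
    "Subject: Lunch\n\nSee you Friday.\n"
)
SAME_ADDRESS = (
    'From: "j.smith@trusted-firm.example" <J.Smith@trusted-firm.example>\n'
    "To: target@new-business.example\n"
    "Subject: Notes\n\nAttached.\n"
)

if __name__ == "__main__":
    samples = [("spoofed", SPOOFED), ("plain", PLAIN_NAME), ("same", SAME_ADDRESS)]
    for label, raw in samples:
        print(label, display_name_mismatch(raw))
```

Many mail clients show only the display name, which is why the real address in angle brackets has to be compared explicitly.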