Spear Phishing Impersonators: Beware of familiar names from free email services
There is a common spear phishing tactic that we help our PhishMe customers combat, and that is attackers using familiar names with fake free webmail accounts.
The attacker wants to break into Widget, Inc. The first thing they do is research Widget, Inc., looking business units who may have access to the information assets they are targeting. Once they have picked their target, they need familiar names to make their spear phish more enticing to the eventual victim.
They will pick a real name inside of Widget, Inc, that will serve as the From: line of the spear phishing email. Sometimes the attacker is smart enough to choose a name in a different office or time zone. This increases the likelihood that the victim won’t pop their head over the cubical wall and ask “did you just send me an email from your Gmail account?”
Once the phisher is satisfied they have a good name to impersonate, (e.g. Bob Dobolina) they will register firstname.lastname@example.org, (or hotmail, yahoo, etc…)
Armed with a new free email account that uses a familiar name, the phisher will send out their spear phish to the intended targets who may know or have heard of “Bob Dobolina.” This increases the chance that the victim will fall for the phish.
How does the attacker find the names needed to carry on this charade? Social networks and tools like Jigsaw and LinkedIn provide a wealth of information. (Head over to jigsaw.com right now and put your company name in.) You will see that piecing together the necessary information to effectively impersonate someone is quite easy.
Besides making your organization aware of this threat, what else can you do to protect yourself? How about creating fake personas? Ann Smith, Executive Assistant to the Director of Legal. But in this case, Ann Smith isn’t an executive assistant, instead, Ann Smith is an email alias that goes directly to your incident response and network monitoring team.