New Dangerous Phishing Attack Infiltrates Your Email Chains

Recently, Groff NetWorks has seen a spike in an old yet effective phishing method with a new technical twist. Someone in an organization gets infected in some way, and the attackers then scan that person’s inbox and contact list. They’re looking for multi-user email conversations where people are replying to each other back and forth. When they find one, they insert themselves into the chain, making it APPEAR as if someone in the chain has replied. To those on the chain, the infected reply appears to be a valid email. When they open it, they get what looks like a valid error message with a link saying: “The contents of this message cannot be displayed. Click to display messages.” If you click on this link, your account is compromised. The phishers will now have access to your sensitive business files and data.
This new phishing tactic is very tricky because it attacks users when their guard is down. It is very easy to click a link during an ongoing conversation without considering the possibility of a phishing attack. However, there is an easy way to detect this attack.
When you hover over the link without clicking it, it shows a website address/URL that has .ICU in it. Simple content filtering tools can block these domains. We also recommend that owners/leaders of companies and departments educate their staff and ensure they know NOT to click on emails that have the error message “The contents of this message cannot be displayed.” This should be seen as a red flag right away. It is a rare message to get, and a simple one to check with your IT provider/department, who can evaluate whether it is a valid error or not. Chances are it’s malicious and not legit. It’s better to be safe than very, very, very sorry.
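
A mail-filter check for the two indicators named above (a link on the .ICU domain and the “cannot be displayed” error text), as an added example that is not Groff NetWorks’ own tooling. The sample message and its hostname are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Indicators taken from the article; extend the set for your own environment.
BLOCKED_TLDS = {"icu"}
LURE = "the contents of this message cannot be displayed"
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

# Constructed sample: a reply injected into an existing thread (hostname is made up).
SAMPLE = """\
From: colleague@example.com
To: you@example.com
Subject: RE: Q3 budget review
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>The contents of this message cannot be displayed.
<a href="http://viewer.constructed-sample.icu/open?id=1">Click to display messages.</a></p>
</body></html>
"""


def body_text(msg):
    """Concatenate every text/plain and text/html part of the message."""
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() in ("text/plain", "text/html"))


def check_message(raw):
    """Return (flagged_hosts, lure_present) for one raw RFC 5322 message."""
    text = body_text(message_from_string(raw, policy=default))
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        # Compare the final label only, so "icu.example.com" is not flagged.
        if host.rsplit(".", 1)[-1] in BLOCKED_TLDS:
            hosts.add(host)
    # Strip tags and collapse whitespace so a lure split across lines still matches.
    flat = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", text)).lower()
    return sorted(hosts), LURE in flat


if __name__ == "__main__":
    print(check_message(SAMPLE))
```

Either indicator alone is worth quarantining for review; a message that carries both matches the pattern described in this article.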
