Phishing for Outlook
There seems to be a kit available for everything nowadays.
The web is inundated with advertisements for kits to help with daily meal planning, weekly work planners, or even wardrobe assistance. You can even now find phishing kits targeted to specific applications or cloud services that are good enough to fool an employee of the targeted company or even the most frequent user of said application or service.
What is a Phishing Kit?
All brands have very specific brand guidelines to ensure consistency and global recognition. For larger brands, these guidelines are well known and can be easily duplicated in order to fool the average person with a phishing attack. Phishing kits provide a turnkey approach to attacking a specific target by providing all the materials using that target’s specific brand guidelines. CSO Senior Staff Writer Steve Ragan best explains what a phishing kit is:
“A phishing kit is the web component, or the back-end to a phishing attack. It's the final step, in most cases, where the criminal has replicated a known brand or organization. Once loaded, the kit is designed to mirror legitimate websites, such as those maintained by Microsoft, Apple or Google. The goal is to entice the victim just enough so they'll share their login details and other sensitive data, which will vary depending on the phishing scam. Developed using a mix of basic HTML and PHP, most phishing kits are stored on a compromised web server or website, and usually only live for about 36 hours before they are detected and removed.”
Mr. Ragan also talks about why phishing is so effective:
“Phishing attacks typically stress urgency or play on a person's willingness to help. Phishing attacks can also evoke a sense of fear, by warning of serious consequences. Sometimes you'll see this as a threat to suspended services, the loss of critical data, or various personal consequences. The most common observation, though, is that phishing attacks start by triggering the victim's sense of curiosity. This is why the victim opens the email to begin with.”
Microsoft Targeted by Most
We have reported at length on the previous Microsoft vulnerabilities, so it comes as no surprise that Microsoft Office and Outlook top the list of targeted phishing attacks. This has been documented by SecurityWeek international correspondent Ionut Arghire who reported that “Office 365, Outlook Credentials Most Targeted by Phishing Kits” and specifically wrote:
“During the third and fourth quarters of 2018, Microsoft Office was the brand targeted the most by phishing kits, attracting 25.4% of assaults. At 17.2%, Yahoo was the second most targeted, followed by PayPal at 17.1%. Dropbox (9.8%) and Apple (5.0%) rounded up top five most targeted brands.”
Develop a Phish Prevention Ecosystem
The most effective phish prevention strategy will include an ecosystem that accounts for the malware infiltration, email protection and human education components in order to be most effective.
Understanding that any executable code inside of content is malicious will ensure your malware infiltration solution is a best first line of defense. Combine that with targeted email threat protection and security awareness training for your employees and you will have everything you need to protect against these advanced phishing kits in the hands of cybercriminals intent on extorting your organisation.