Phishing for Awareness Series: Spear Phishing & Subdomain Attacks

Spear Phishing & Subdomain Attack Awareness

Spear Phishing

Spear Phishing is typically an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear phishing emails are carefully designed to get a single recipient to respond. 

At the time of a Spear Phishing Attack, cyber criminals select an individual target within an organization, using social media and other public information-and craft a fake email tailored for that person. 

An example of a Spear Phishing Attack that could occur is say you share online that you will be traveling to Atlanta soon, and you might get an email from a colleague (apparently), saying “Hey, while you’re in Atlanta you’ve got to eat at Ladybird, check out their menu.” Click the link, and while you’re studying the menu, malware is inserted into your computer. 

A spear-phishing attack circulated at the beginning of 2017’s tax season in the United States.

You are probably already aware of the fact Tax Day has been pushed back by three months. Since the new deadline to file your tax return and pay any taxes you owe is now July 15, hackers are given more time and opportunity to create a scam. A spear-phishing attack could easily be transpired and target individuals who are filing their taxes, much like 2017. 

It is important to become aware, as an online user, to 

  • Spot out potential spear-phishing emails and delete them.
  • Be on the safe side, confirm the authenticity of any unexpected email by contacting the apparent sender. 
Subdomain Attack

While a Spear Phishing Attack may have you wanting to confirm an email address, a Subdomain Phishing Attack will have you wanting to check your website links. A Subdomain Attack is a phishing scam that is generally aimed toward non-technical people. Scammers will show a lack of knowledge about the difference between a domain and a subdomain to launch phishing attacks.

There are more than 600 legitimate Microsoft subdomains that can be hijacked and abused for phishing, malware delivery and scams, researchers warned this week.

To revise, in the Domain Name System (DNS) hierarchy, a subdomain is a domain that is a part of a main domain. The DNS records for a subdomain point to a domain that no longer exists. Anyone who creates the non-existent domain can basically hijack the subdomain that has the misconfigured DNS records. An attacker can direct the visitors of the hijacked subdomain to a phishing website and capture their authentication credentials or other sensitive information, trick them into installing malware, trick them into uploading sensitive files, or scam them.

Experts have been warning about the risks posed by subdomain hijacking for years and ZDNet reported last month that spammers had already started hijacking Microsoft subdomains.

Subdomain attacks and potential threats can be mitigated by following best practices and exercising caution when opening links or files from untrusted sources. Before clicking on any attached link from an unknown sender, read the domain name carefully. Remember, it is always read from right to left.

Learn more about phishing in our “Phishing for awareness” series:

PFA: Pop-up messages, email spoofing & URL Phishing Attacks

PFA: Business Email Compromise Schemes and Website Spoofing

PFA: Impersonation and Social Media

PFA: Spear Phishing & Subdomain Attacks

PFA: Malware Injection & Image Phishing

PFA: Clone, Man-in-the-Middle & Search Engine Phishing Attacks

Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised. 

Don’t Gamble With Your Security  Contact us