New phishing attacks impersonating the law departments

By Tim Sandle     Nov 7, 2019 in Technology
In response to the recent phishing attacks impersonating the U.K. Ministry of Justice, security expert Alexander García-Tobar, CEO and co-founder of Valimail, delves into the issue for Digital Journal.
A new phishing campaign is mimicking the U.K. Ministry of Justice in order to scare victims into installing information-stealing malware, as ZDNet reports. This latest cyberattack is specifically targeting employees in the insurance and retail industries. It was uncovered by researchers at cybersecurity company Cofense. The phishing emails have the subject 'Court' and feature U.K. Ministry of Justice logos.
Through this attack, criminals are trying to trick their potential victims into opening an embedded link that points to a redirection chain leading to a Word document with malicious macros. Entitled “Your Subpoena”, the fake message informs the recipient that they have been “ordered to the law court”, prompting them to click on a link to “see the details of the charge”.
Alexander García-Tobar, CEO and co-founder of Valimail, tells Digital Journal that this latest issue "demonstrates how a convincing phishing email can be an extremely effective attack vector. By impersonating the U.K. Ministry of Justice, hackers are tricking users into believing they have been issued a subpoena and need to click on a link to obtain more information - which in turn infects computers with malware that steals browser data, usernames, passwords and cryptocurrency."
He also warns about the increasing sophistication of such cyberattacks: "As phishing emails increasingly become harder and harder to detect, the first essential step is to prevent malicious emails from ever entering employee inboxes."
The problem is that many security systems are insufficient: "It is clear that many email defense systems are not up to standard, as most email defenses focus on the content of the messages and the links they contain, but this is an unreliable and inefficient method since not all phishing emails contain identifiably malicious links or attachments — and in fact this email made it through advanced scanners because it used an innocuous-looking Google Docs URL."
García-Tobar explains that new approaches are required: "A better approach is to focus on validating the identity of the sender and blocking all emails that come from an unauthenticated source. In this case, the attack could have been stopped by flagging the sender as not the real “Ministry of Justice” but an impersonator sending email from an untrusted domain."
He explains that: "Blocking impersonations like these can stop more than 83 percent of malicious emails in their tracks."
García-Tobar also adds that: "Properly enforcing Domain-based Message Authentication, Reporting and Conformance (DMARC) and implementing advanced anti-phishing solutions that validate sender identity are critical to protecting both consumers and businesses from phishing, which is implicated in more than 90 percent of all cybersecurity attacks."
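
What DMARC enforcement decides for a message with a spoofed From domain, shown as an added example that is not from the article or from Valimail. The domains and records are constructed, the SPF and DKIM results are assumed to be already computed by the receiving server, and relaxed alignment is approximated without the Public Suffix List.

```python
# Added example: DMARC evaluation for a message whose SPF/DKIM results are known.
# All domains and records below are constructed samples.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict; return None if it is not DMARC."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags

def aligned(from_domain, auth_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r'): approximated as parent/child match.
    Assumption: real relaxed alignment compares organizational domains using the
    Public Suffix List, which this sketch does not load."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if a == b:
        return True
    if mode == "s":
        return False
    return a.endswith("." + b) or b.endswith("." + a)

def evaluate(from_domain, spf, dkim, record):
    """spf and dkim are (result, authenticated_domain) tuples.
    Returns 'pass', 'no-policy', or the action the domain owner's policy requests."""
    tags = parse_dmarc(record) if record else None
    if tags is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"].lower()  # none, quarantine or reject

ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@justice.example"
MONITOR_ONLY = "v=DMARC1; p=none"
# Spoofed From header: SPF passes, but only for the sender's own envelope domain.
SPOOF = dict(from_domain="justice.example",
             spf=("pass", "bulk-mailer.example"), dkim=("none", ""))

if __name__ == "__main__":
    print(evaluate(record=ENFORCED, **SPOOF))
    print(evaluate(record=MONITOR_ONLY, **SPOOF))
```

With `p=none` the owner only receives reports and the receiver applies no action, which is why the enforcement setting matters as much as publishing a record.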