Persistent Fraudsters Using Polymorphic Phishing Emails

Cyber criminals are increasingly evolving and reshaping their failed phishing attempts as recent data reveals that almost half (42%) of all phishing attempts are polymorphic.

If a phishing attempt fails to breach either human or technological email defences, it is becoming habitual for a cyber criminal to make slight changes to the message’s content, sender name, email title or other details in the hope of the variation deceiving the security system and infiltrating the inbox.

Even the most stringent and meticulous human and technical email controls are being bypassed as sophisticated phishing criminals increasingly augment and adapt the information in an email so that the malicious content slips past the system and is successfully delivered.

IRONSCALES, an automated phishing prevention, detection and response platform, identified 11,733 email phishing attacks that underwent at least one permutation.

In total, 52,825 permutations broke through 209,907 inboxes around the world. In the most advanced and extreme cases, 96 separate attacks underwent between 251 and 521 email face-lifts to help them break through cyber security that had picked up a previous permutation.

8,166 email phishing attacks were amended between 2 and 10 times as cyber criminals respond to the cyber defence mechanisms built to prevent attacks.

Following an analysis of 100,000 verified email spoofing attacks, it is thought that secure email gateways (SEG) are increasingly vulnerable and prone to breaches.

In 73.5% of cases, the cyber criminal targets a specific member of a firm and uses their exact name during the attack. Using the exact name and spelling of a high-profile member of the firm, alongside other social engineering tactics, highlights the research and detail being put in by cyber criminals in the current climate.

A quarter of criminals will use similar sender name impersonations, misspelling the sender’s name slightly to help fool the defence system and the human recipients.

2% of attacks use a slight variation on the domain to spoof the email and fool the recipient. Here a minor misspelling of the domain name could be used to fool the user.

Despite sophisticated Domain-based Message Authentication, Reporting & Conformance (DMARC) systems, 0.5% of phishing attacks exploit vulnerabilities in a law firm’s cyber security and spoof the exact domain, making it extremely difficult to differentiate the fraudster from the genuine sender being spoofed.

This week, another survey also found that impersonation phishing fraud is increasing at a faster rate than any other cyber attack. 964 (94%) global IT decision makers from a survey size of 1,025 reported that impersonation phishing attacks have had a severe impact on their business, losing money, data and subsequently customers to cyber criminals in 2019.

According to the State of Email Security Report, completed by Mimecast, 55% of respondents have also noted a steep increase in these attacks in the past year.

Impersonation phishing has enjoyed the greatest rise in the past year as cyber criminals use more convincing social engineering methods to scam businesses and their customers.

This type of fraud increased by 67% with 73% of businesses, or 748 of the 1,025 strong respondent list experiencing some form of loss through impersonation phishing.

216 respondents had experienced financial losses because of persistent impersonation phishing attempts. In some cases, this was due to money being lost to cyber criminals. However, respondents were keen to point out that some losses were a direct result of declining business due to reputational damage.

In fact, 209 respondents believe they have lost customers because of impersonation phishing as more clients look to use other firms perceived to be more secure.

Worryingly, the sophistication of social engineering is convincing too many customers and employees to part with sensitive and vital information. The survey found that almost half (40%) of respondents that saw an increase in impersonation phishing had fallen foul of the cyber criminals by losing data.

The data suggests that law firms cannot rest on their laurels or hope that security methods that worked in the past will continue to work in the future. Government-recommended email defences such as DMARC, endorsed by the National Cyber Security Centre (NCSC), should be implemented so that a further barrier of protection is erected to prevent fraudsters from spoofing the exact domain.
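The four impersonation patterns described above (exact name, similar name, lookalike domain, exact domain spoof) and the DMARC recommendation can be turned into a simple inbound triage check. The following is an added illustration, not code from the article or from IRONSCALES; the protected domain, the protected names, the similarity threshold of 0.85 and the `dmarc_pass` flag (whichever authentication result the receiving gateway exposes) are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed protected list for a hypothetical firm (assumption, not from the article).
PROTECTED_DOMAIN = "example-law.com"
PROTECTED_NAMES = {"Jane Partner", "Tom Finance"}
# Assumed threshold above which a near-match is treated as a deliberate lookalike.
SIMILARITY_THRESHOLD = 0.85


def similarity(a, b):
    """Case-insensitive similarity ratio in [0, 1] between two strings."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def parse_from(header):
    """Split 'Display Name <user@domain>' into (display_name, domain)."""
    m = re.match(r'\s*"?([^"<]*?)"?\s*<?([^<>\s@]+)@([^<>\s]+?)>?\s*$', header)
    if not m:
        return "", ""
    return m.group(1).strip(), m.group(3).lower()


def classify(from_header, dmarc_pass):
    """Map a From header to one of the impersonation categories in the article."""
    name, domain = parse_from(from_header)
    # Exact-domain spoof: the firm's own domain, but authentication did not pass.
    if domain == PROTECTED_DOMAIN:
        return "ok" if dmarc_pass else "exact-domain-spoof"
    name_score = max((similarity(name, p) for p in PROTECTED_NAMES), default=0.0)
    # Exact name of a protected person, sent from an unrelated external domain.
    if name_score == 1.0:
        return "exact-name-impersonation"
    # Slightly misspelt protected name.
    if name_score >= SIMILARITY_THRESHOLD:
        return "similar-name-impersonation"
    # Slightly misspelt variant of the firm's own domain.
    if similarity(domain, PROTECTED_DOMAIN) >= SIMILARITY_THRESHOLD:
        return "lookalike-domain"
    return "ok"
```

Any verdict other than "ok" is a candidate for quarantine or for a warning banner; the DMARC check only helps on the exact-domain case, which is why the display-name and lookalike-domain checks remain necessary.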

Eyal Benishti, founder and CEO, IRONSCALES, commented:

“Polymorphic email phishing threats represent an incredibly difficult challenge for SOC and IT security teams to overcome.

“Just as security personnel think that they may have a phishing threat under control, attackers can augment the artefacts to give the message an entirely new signature, thereby enabling what is for all intents and purposes the same malicious message to bypass the same human and technical controls that might have stopped a previous version of the attack.”

Is your law firm protected from the increasing sophistication of impersonation phishing? Has your firm or clients been targeted via this form of scam?