The New Hampshire Banking Department has issued an alert warning individuals and institutions of the many spear phishing attempts by the Syrian Electronic Army (SEA). Spear phishing is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by rerouting an individual to a fake website that appears to be legitimate. Perpetrators attempt to scam individuals by sending legitimate-looking emails containing links to the fraudulent websites and by sending emails with attachments such as zip files, PDFs, and Word documents that contain malicious content.
The SEA has successfully attacked and compromised multiple high-profile US media outlets and websites in the past several months. The FBI believes that this activity may continue due to US military action in Syria and may lead to further escalation of computer network operations by the SEA or other aligned cyber attackers.
Some examples of phishing emails include those that claim to be sent by FedEx or other shipping companies, stating that a package is ready for delivery. Other attempts appear to come from legitimate financial institutions such as Citibank and Bank of America. Due to the sophistication of the attacks, any legitimate website or organization is at risk of being spoofed, and it is crucial that internet users educate themselves about recognizing fraudulent emails and websites.
Conversational spear phishing is also on the rise and has been for the past six months. Perpetrators gain access to a user’s email account and send emails out to known contacts. Through this, the victim is tricked into believing that there is a “real person” on the other end of the email conversation. After convincing the victim, the perpetrator sends a file containing malicious content, hoping that it will be opened and its content downloaded onto the victim’s computer.
Users should practice safe password protocols by never using personal information that could be easily guessed. By using strong passwords containing numbers, letters, and special characters, users can better protect themselves, their workstations, and their sensitive personal information. Updating your passwords on a regular basis can also help to ward off perpetrators.
If you receive an email that you were not expecting or that comes from a sender you do not know, do not open the email; immediately delete it from your inbox and from your deleted items. Emails like this can contain malicious links or attachments that appear to be legitimate; however, once accessed, they can download malicious content onto the user’s computer or reroute the individual to a legitimate-looking site where sensitive information is requested.
Legitimate financial institutions and businesses will never attempt to obtain sensitive information via email. Nor will they ever require you to change your security settings, user IDs, passwords, or other credentials or credit card information via email without having spoken to you. If something appears suspicious, call the organization or institution using a phone number found on its website. Do not attempt to verify any suspicious activity by calling a phone number provided in the email, as you may be connected to the perpetrator.
If you have any questions about this alert or feel you may have fallen victim to a spear phishing attack, please contact us as soon as possible so that we can assist you with protecting your accounts.