The Dangers of Phishing

Phishing will continue to remain a top attack vehicle for cyber criminals to deliver a sophisticated attack against individual users and organizations. In a research conducted by security firm PhishMe, 91% of cyberattacks are initiated when the user interacted with a phishing email (e.g. clicked on a link, opened a suspicious attachment, etc.). Human traits such as curiosity, fear, or urgency are potential factors that would tempt users into interacting with the phishing messages. For example, below are some reports and impacts caused by phishing.

General Public and Other Industries

  • The Federal Bureau of Investigation (FBI) warned businesses and the general public about the rapid increase of Business Email Compromise (BEC) attacks that cost businesses in the U.S. more than $1.6 billion in losses since 2013 and $5.3 billion globally.
  • Financial: JPMorgan Chase & Co. (2014)
    • 83 million personal identifiable information (PII) was breached due to spear-phishing campaigns that targeted employees who had access to data systems and services.
  • Healthcare: Anthem, Inc. (2015)
    • An estimated 78.8 million consumer records started with an employee opening a phishing email.

State of Hawaii

Within this past year, the State of Hawaii Office of Enterprise Technology Services – Security Operations Center (ETS SOC) handled numerous case related to phishing attempts. Below are examples of the cases that we investigated.

Case 1: Account Compromise

  • A user clicked on a suspicious link in a phishing email and was lured to a spoofed Office 365 login portal
  • The user provided their credentials which lead to the account being compromised
  • It was also then determined that the victim’s email address was used to distribute phishing emails; a notable example of business email compromise

Case 2: Trojan Download

  • A user received a phishing email containing a malicious Word document
  • During the investigation, evidence showed that the user opened the Word document which lead to other malicious artifacts to be downloaded and/or installed onto the victim’s machine
  • ETS SOC verified that the activities were associated with a well-known Trojan called Hancitor

Everybody is a target and as a user, it is our shared responsibility to prevent any loss of privacy and security against our information resources. Continue to remain on alert as you are the last line of defense and if you receive a suspicious email, please remember to STOP (Stop.Think.Observe.Proceed) to prevent yourself from becoming a victim of phishing.

Stop

  • Do not quickly interact with an unknown email message without identifying any red flags (e.g. grammar, tone of voice, etc.)

Think

  • Do you really know who is sending you the email?
  • Is the sender attempting to solicit information from you?

Observe

  • Is the tone consistent with what you would expect from the sender?
  • Are there any punctuation or grammatical errors in the message?

Proceed

  • “When in doubt, throw it out.” Use that delete key if you are not sure if the email is valid
  • Report any malicious emails to ETS SOC ([email protected]) and your IT Coordinator by forwarding the message
    • Outlook client: Select the message and press the Ctrl+Alt+F keys at the same time.
    • Outlook Web Application (OWA): Compose a new message. The select the message to forward then drag-and-drop into the new message.

If you have any questions or concerns, please contact ETS SOC via phone (808-586-1950) or by email ([email protected]).