How to Detect and Prevent Secure Document Phishing Attacks

Secure document phishing attacks are some of the latest in client endpoint exploits that have been plaguing the computing world. While these phishing attempts may fool the uninformed, by reading this article you will be better able to detect and prevent secure document phishing from effecting your Information Security environment.

A Secure Document Phishing Attack occurs when cybercriminals send either a fake PDF or DocuSign document to a user on your network, often using a fake (or spoofed) email address to make the recipient trust that it is from someone that they know. The email will normally request that the user clicks on a link to “receive a secure document.” This opens up a web page asking for credentials or other personal information, to click on a secure DocuSign document link that will instead download malware, or to click a link on a word document that contains macros that can download malware.

Technically speaking, Secure Document Phishing Attacks are a form of what is called Spear Phishing. Spear Phishing is the most specific type of phishing attack because it specifically targets a user or organization by using information that the potential victim would be familiar with, thus establishing trust. This type of phishing attack is one of the most successful types in existence today.

Let’s say that your organization periodically sends out emails to all employees. You receive an email that looks like it may be from someone in your organization but it seems, well, phishy. The email that you receive looks like the following:

This is a prime example of a Secure document phishing email. Confirm with the sender if it is legitimate as the first step but do not expect to do anything but delete the email.

There are many ways to detect whether the email you (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Vfdo_ID96T4/