A phishing attack that uses customized information has a 90% success rate in getting unwitting targets to open malware-infested emails, according to researchers.
The security team at Barracuda Networks discovered the airline phishing attack while running threat scanning software on client mailboxes. The attack was most frequently found in industries that deal with logistics and shipping, as well as employee travel.
In this attack, hackers combine several complementary techniques to capture sensitive data from targets, including impersonation, malware installation and phishing.
First, malicious entities research the company’s organization and communication to create a legitimate-looking email. These emails are sent to the attention of the company’s human resources or finance department, with a subject line referencing a flight confirmation that includes the airline, destination and price of a specific flight. Creating a customized email of this nature, directed to a specific target within an organization, requires a level of preparedness that is rarely seen in phishing and malware deployment.
These impersonations are successful enough that counterfeited emails are opened more than 90% of the time.
Once the email is opened, targets may be directed to open an attachment containing flight confirmation numbers or receipts, shown as a PDF or DOCX document. These attachments seem trustworthy due to the specific details included in the email. When the attachment is opened, malware is dropped into the system. At that point, the attacker can either deploy an additional attack, like ransomware, or lurk in the system, accessing sensitive data throughout the network.
In other cases, targets are directed to follow a link to a phishing website designed to look like a proper airline, travel, or expense tracking website used by the company. The targets are tricked into entering a username and password, which are then captured by the hackers, allowing them to access different areas of the company’s network including databases, internal corporate communications, and email or file servers.
To avoid falling victim to this attack, Barracuda recommends a multi-layered security plan that involves sandboxing, which helps to block malware; anti-phishing software with link protection; and employee training and awareness.
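The traits of the attachment variant described above (a flight-confirmation subject with a price, an HR or finance recipient, a PDF or DOCX attachment) can be combined into a mail-triage heuristic. This is an added example, not Barracuda's detection logic; the approved-vendor domain, mailbox prefixes, regular expressions, threshold and sample builder are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Assumed values, not from the article: tune them for your own environment.
APPROVED_TRAVEL_DOMAINS = {"travel.example.com"}   # hypothetical booking vendor
TARGET_MAILBOXES = ("hr", "finance")               # departments the article names
FLIGHT_RE = re.compile(r"\b(flight|e-?ticket|itinerary)\b", re.I)
CONFIRM_RE = re.compile(r"\b(confirm\w*|receipt)\b", re.I)
PRICE_RE = re.compile(r"[$€£]\s?\d|\b\d+(?:\.\d{2})?\s?(?:USD|EUR|GBP)\b", re.I)
LURE_EXTENSIONS = (".pdf", ".docx")                # attachment types the article names


def lure_signals(msg: EmailMessage) -> set:
    """Return which traits of the described lure are present in one message."""
    found = set()
    subject = str(msg.get("Subject", ""))
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if sender_domain not in APPROVED_TRAVEL_DOMAINS:
        found.add("unapproved_sender")
    if FLIGHT_RE.search(subject) and CONFIRM_RE.search(subject):
        found.add("flight_confirmation_subject")
    if PRICE_RE.search(subject):
        found.add("price_in_subject")
    recipients = getaddresses([str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])
    if any(addr.split("@")[0].lower().startswith(TARGET_MAILBOXES) for _, addr in recipients):
        found.add("hr_or_finance_recipient")
    if any((part.get_filename() or "").lower().endswith(LURE_EXTENSIONS)
           for part in msg.iter_attachments()):
        found.add("document_attachment")
    return found


def needs_review(msg: EmailMessage) -> bool:
    """Hold for sandboxing: flight lure from an unapproved sender plus one more trait."""
    s = lure_signals(msg)
    return {"unapproved_sender", "flight_confirmation_subject"} <= s and len(s) >= 3


def sample(sender, to, subject, filename=None) -> EmailMessage:
    """Build a constructed test message (no real mail is used)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, subject
    m.set_content("Please see the attached document.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m
```

For mail read from disk or a gateway, parse it with `email.message_from_bytes(data, policy=email.policy.default)` so that `iter_attachments()` is available.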