Anatomy of a Phish: April 2024 Phishing Simulation

by

Test Inspiration: This simple phishing email was inspired from one that I have used in my personal studies. This is a very generic email that attempts to get the user open a malicious attachment. In the attachment, I have created a macro that will execute a malicious payload that open a connection back to an attackers machine (the Knowbe4 phishing test did not do this exact behavior). This payload establishes a foothold in the network that will be the stage for further attacks.

Phishing Email Context: The phishing email designed to mimic a common phishing attempt to entice a user to open a malicious attachment, in this case “vpn_config.doc“. Using a narrative about a new IT employee trying to complete some final VPN configurations. The design and content were tailored to simple and common to most standard phishing attempts, however still adding enough personalization that an attacker would mimic.

Key Findings & Recommendations:

  • Email Address Discrepancies: Be cautious with emails that appear genuine but have slightly altered addresses. Cybercriminals often use domains that resemble the authentic one with minor changes.
  • Suspicious Links & Attachments: Always approach links or attachments in unsolicited or unexpected emails with suspicion. They are common phishing tactics.
  • Verify Links: Before engaging with any link, hover over it to inspect the actual URL. Ensure it directs to a legitimate site and be alert for any anomalies like misspellings or odd domain extensions.
  • Check for Personalization: Authentic communications, especially from platforms like Microsoft Teams, will often be personalized. Beware of generic greetings.
  • Stay Updated: With cybercriminals constantly refining their methods, it’s crucial to stay updated on the latest phishing strategies and partake in regular awareness training.
  • Report Suspicious Emails: If you encounter a dubious email, refrain from interacting and promptly report via the Phish Alert button.

Conclusion: The landscape of phishing is continuously changing. By staying informed about cybercriminals’ tactics and maintaining a vigilant approach, we can substantially mitigate the risk of succumbing to these threats.