March 9, 2018
New Spear Phishing Attack Using Employee SSN As Bait
The Beazley Breach Response (BBR) Services team is currently working with many policyholders who have reported within the last 48 hours that their employees have received and clicked on a new, particularly effective spear phishing email. While the first incidents were reported by credit unions, we have now seen incidents occur across industries, including higher education and utilities.
Spear phishing is a form of phishing that is targeted at the recipient and appears to come from a trusted sender. This new attack is made to look like it comes from FedEx. The phishing emails included the targeted employee's name and Social Security number. Noteworthy here is that these phishing emails "up the game" by actually including employee personal information in the email, which may be the reason the recipients were tricked into clicking on the email's links.
The links in the email take the recipient to a Google Docs page, which retrieves a Unicode-encoded Visual Basic (VB) script from Google and uses it as a dropper to download and install malware. In these cases there is therefore a reasonable probability of a malware infection that could impact personally identifiable information (PII).
We are working closely with the affected organizations along with legal and forensic experts to investigate and mitigate any impact and also to find a common source of the compromised information.
Some steps to take:
- Warn employees about this specific attack. See the attached Tip Sheet that provides more information about spear phishing. It also includes a sample image from the current attack.
- If your employees receive phishing emails, contact IT immediately. Determine if anybody clicked on the links and/or provided their credentials. Take necessary mitigation steps, such as changing passwords and scanning for malware.
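
To support the triage step above, a sweep of quarantined or exported messages can flag mail that combines the three traits this advisory describes: FedEx branding from a non-FedEx sender domain, an SSN-shaped string in the body, and a Google Docs link. The Python below is an added example, not part of the original advisory; the `fedex.com` allow-list, the `docs.google.com` host name and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# US SSN shape (AAA-GG-SSSS), excluding area/group/serial values never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
BRAND = "fedex"                  # brand the advisory says is impersonated
BRAND_DOMAINS = {"fedex.com"}    # assumption: sender domains treated as genuine
DOC_HOSTS = {"docs.google.com"}  # assumption: host name for "Google Docs page"

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return the three campaign traits found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    genuine = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    claims = BRAND in (display + " " + msg.get("Subject", "")).lower()
    body = body_text(msg)
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    return {"brand_spoof": claims and not genuine,
            "ssn_in_body": bool(SSN_RE.search(body)),
            "gdocs_link": bool(hosts & DOC_HOSTS)}

def is_suspect(raw_message):
    """All three traits together match the lure described in the advisory."""
    return all(triage(raw_message).values())

# Constructed sample message (not taken from the real campaign).
SAMPLE_LURE = """\
From: FedEx Delivery <notice@example.net>
Subject: Package on hold for Jane Doe

Jane Doe (SSN 078-05-1120), your parcel is on hold.
Details: https://docs.google.com/document/d/PLACEHOLDER/view
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LURE), is_suspect(SAMPLE_LURE))
```

Messages that match should be cross-checked against web proxy or DNS logs for the same recipients to determine who followed the link.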
Please contact us should you have additional concerns or questions.