Cybersecurity researchers at Cofense Phishing Defense Center (PDC) have unearthed a new phishing campaign that uses ‘information technology (IT) support-themed email’ to lure users to update their passwords. 

The email appears legitimate because it’s a common practice within organizations to send security updates to their employees on a weekly or monthly basis. IT team deploys a reset password communication mail to strengthen the employee’s email security. Therefore, it’s a smart move by the attackers to target organizations via phishing email. 

Researchers first suspected the email because the domain was only a few months old. However, the domain address “realfruitpowernepal[.]com” was identical to an organization’s internal IT department, yet a further examination of the domain led to a free web design platform. The second red flag was the opening of the email that doesn’t contain phrases such as “Good Morning” or “Dear…”, possibly suggesting the mass-email attack.

When the user proceeds further by clicking on the “Continue” button, a Mimecast link appears, along with the now censored user email address toward the end of the URL. The users might not feel anything dubious because scammers have used the correct spelling and name, which directs users to a Mimecast web security portal that gives them two options: block the malicious link or ignore it. 

Choosing either option directs the user to the same phishing landing page that displays the session as expired. The motive of the scammers was to make the phishing landing page appear identical to the legitimate Mimecast site. However, during the investigation, it was discovered that the URL provided does not match the authentic Mimecast URL and the footer detail was missing, researchers explained.

Scammers have employed very powerful social engineering to trick the users. The phishing page is designed in such a way that the user providing true login credentials or a random string of credentials, would still be redirected to the page displaying a successful login message.

How to safeguard against phishing emails?

• Installing security software is the first line of defense against phishing attacks. Antivirus programs, spam filters, and firewall programs are quite effective against phishing attacks. 

• Monitor: use phishing simulation tools to evaluate employee knowledge regarding phishing attacks. 

• Organizations should incorporate cyber security awareness campaigns, training, support, education, and project management as a part of their corporate culture. 

• Businesses should deploy multi-factor authentication to prevent hackers from gaining access to their systems.