In this article, Mr Higbee, co-founder and CTO of PhishMe, discusses a new, more sophisticated phishing tactic in which hackers engage in email conversations with their victims in order to make their emails seem more authentic.
“It’s legit,” an APT1 hacker wrote in response to a recipient who questioned the validity of a spear phishing email sent by the now notorious Chinese hacking group. This recipient had the awareness to initially question the authenticity of the phishing email, but when APT1 responded, it added an element of trustworthiness to its communication, one that could trip up even a savvy employee.
This is one of the tactics Mandiant® described in its report about APT1, and is something we at PhishMe® have observed as well from both our customers and our contacts in the industry. To address this issue, we rolled out the Double Barrel, a new scenario type that will simulate the conversational phishing techniques used by advanced adversaries like APT1. This has been in development for months, and it was a happy coincidence that we rolled this out the same week that Mandiant provided the world with a concrete example.
One important thing to note about this feature is that it is intended for our veteran customers who already have mature PhishMe programs in place. This is for a user base that is already resilient to basic phishing tactics. At PhishMe, we’re proud to not only provide our customers with new features, but to have a customer base mature enough to demand them. Just as the “P” in APT stands for persistent, our customers need to be persistent in training their user base, and the Double Barrel will allow our customers to enhance their already successful programs in a meaningful way that addresses a real world problem.
Just as the name suggests, the Double Barrel allows our customers to send not one but two phishing emails in each campaign. A Double Barrel scenario sends one benign email (the lure) that contains nothing harmful and doesn’t solicit any response from the recipient. It could be a friendly introduction such as, “Hello, we met at XX Conference last week. I have a report I’d like you to review; I will send it over shortly.” An hour or so later, the aforementioned report arrives, just as promised.
Double Barrel scenarios can be customized to swap delivery order (sending the lure after the malicious email), stagger the delay between emails, and flag one or both emails as “Urgent.”
As with all other PhishMe scenarios, Double Barrel features a bevy of content developed by our team and based on our real world experience:
– Aaron Higbee