Would you believe North Korea, Nigeria and Egypt?
You might think that phishing emails from these “third world” countries would be unsophisticated and easy to detect. You’d be wrong.
First North Korea. According to the Digital Journal, “Several U.S. businesses have been targeted by a campaign seemingly to originate from North Korea and using the tactic of spear-phishing. The cyber-assault is sophisticated, using legitimate documents as the targets.”
The article goes on to say, “The cyber-process is potentially connected to the North Korean Kimusky threat actors and it consists of sending victims trojanized documents via email. Furthermore, the hackers utilize little-used file formats, which makes them difficult to detect by conventional antivirus products.”
Next we have Nigeria. Probably no surprise being on this list. This time hackers attacked U.S. government employees. Not the brightest idea.
According to the Ridgewood blog, “Ogunremi and other conspirators perpetrated a computer hacking and theft scheme targeting United States government agencies’ email systems and Government Services Administration (GSA) vendors. The ring employed phishing attacks, which used fraudulent e-mails and websites that mimicked the legitimate e-mails and web pages of U.S. government agencies, such as the U.S. Environmental Protection Agency. Unwitting employees of those agencies visited the fake web pages and provided their e-mail account usernames and passwords.”
Continuing, “Ogunremi and his conspirators used these stolen credentials to access the employees’ e-mail accounts in order to place fraudulent orders or office products, typically printer toner cartridges, from vendors who were authorized to do business with U.S. government agencies.”
Finally, we have a new entrant in the international spear phishing cabal, Egypt. This time it wasn’t just a band of rouge hackers phishing people for money, but rather the Egyptian government going after Egyptian journalists and lawyers. If you can’t trust your government…
According to Reclaim the Net, “It was revealed that 33 Egyptians living all across the world were targeted by the attackers. Two out of these 33 Egyptians had recently been arrested as a part of the Egyptian government’s efforts to subdue anti-government protests.”
“It was further established that the cyber attackers employed a plethora of applications to lure individuals for obtaining details such as passwords, location data, and more.”
Do you know what all three of the victims in this story have in common? They could have avoided their problems by deploying low-cost, cloud-based phishing email security with real-time link click protection.
If you work for a business. If you work for the government. If you’re a lawyer or a journalist, do yourself a favor. Invest in readily-available and easily-deployable phishing protection technology to protect yourself from these bad state actors, because they’re not going to stop.
If you’re not sure where to start, check out our plans. It’s pennies per email a month, sets up in 10 minutes and you can try it free for 30 days. Don’t wait.