Holiday Phishing
With the holiday season quickly approaching, it is a safe bet to expect a substantial increase in phishing attempts by criminals looking to steal log-in information and other credentials during the swell of online transactions. Historically, December has seen strong surges in phishing activity. Last year, reported attacks in December almost doubled the number of attacks seen in November and we are already seeing similar, if not greater numbers this year.
The primary reason for this is obvious – the holidays are easily the prime hunting season for individual phishers and criminal organizations who want to make the most money with the least amount of effort. With millions of distracted consumers checking their accounts and making purchases online every day, the holiday season is by far the most productive time of the year for phishers. Any business with customer accounts that can be accessed online should be very aware of the elevated threat and be on the highest alert for reports of suspicious emails.
Because phishers do not need access to an organization's network to set up a phishing scam, preventing phishing attacks is practically impossible. However, there are many steps that can be taken to insulate your company and your customers against phishing scams. The following technical preparations are proactive best practices which are recommended in a report sponsored by the Department of Homeland Security:
- Have one simple message that is clear, concise and jargon-free. For example, "XYZ Company will never use email to request ANY account information such as names, passwords, etc."
- Work with existing marketing, customer support and public relations resources to get your message across.
- Time your communications in anticipation of high threat periods, but do not overdo it. Constant warnings could give the wrong impression and hurt business.
- Have additional resources available for anyone who requests more information, such as pamphlets or a portion of your website, to further describe phishing and steps they can take as customers to ensure they do not get phished.
- Let your customers know how to get in touch with you if they suspect phishing – include it in automated voice mail menus and on your website.
We expect a record number of phishing attacks to take place during the holidays this year and it is only going to get worse in the future. The number of phishing attacks is steadily increasing every month as phishing operations become more and more sophisticated and efficient. Having a proactive strategy in place that emphasizes both technical countermeasures and customer awareness initiatives will help your company protect its customers and reputation, even during periods of elevated risk like the holiday season.
SecureWorks and LURHQ Merge to Create the Industry's Leading Managed Security Services Provider
SecureWorks and LURHQ, both leaders in the Managed Security Services market, have merged to form the new SecureWorks, the industry's leading, pure-play Managed Security Services Provider (MSSP). The new SecureWorks has over 1,600 clients and 7,000 managed and monitored devices worldwide.
Combined, the two companies leverage unparalleled internal and external threat visibility to prevent security events from impacting client environments. SecureWorks' flexible service options provide fully-managed, co-managed and self-service security solutions to meet the requirements of businesses of all sizes ranging from Fortune 100 companies with large security teams to smaller companies with no security expertise. Through their customized services, SecureWorks protects clients' critical assets while improving the efficiency of their security operations. SecureWorks also facilitates compliance, enabling organizations to easily demonstrate that they meet the security requirements of many government and industry regulations.
To deliver services, SecureWorks relies on purpose-built technology, 100% GIAC certified security experts and a strong security research team leveraging unmatched visibility across the threat landscape. Through proven service delivery processes, these unique components work together seamlessly to deliver the most effective Managed Security Services to organizations around the world.
Security Operations Center (SOC) War Story: Phishing Takedown
Business Problem
Early phishing scams were easily detected by everyday users simply because of the severely broken English and poorly constructed fake websites. In contrast, many of today’s phishing scams mirror their target companies’ emails and websites so flawlessly that they can deceive even the savviest of customers. To make things worse, phishing attacks can be very difficult to detect and they are virtually impossible to pre-empt. With the average lifespan of a spoofed phishing website being less than 2 days, countering phishing attacks can seem like chasing ghosts.
On a Monday morning in early August, one of our clients began receiving several calls from customers concerning an “urgent account update email” that was sent out late the previous week. Apparently, hundreds of their customers had been sent fraudulent emails which demanded they click a link and log-in to their accounts to update their information. According to the email, all customers of this financial institution were required to update their information as part of a mandated anti-fraud initiative. The email also warned that all accounts which had not been updated by 4:00 PM Tuesday would be frozen until further notice.
Predictably, many of the client’s customers who got around to checking their email at work that Monday morning were panicked at the thought of having their accounts frozen. With thousands of customers, the financial institution’s customer support staff was well aware of the phishing threat in general and handled each call accordingly by advising the callers to delete the email and to never trust any emails requesting account information. However, realizing that the number of customers who called was probably very small in comparison to how many actually received the phishing email, the client knew they needed professional help to minimize the damage.
Business Solution
In need of a partner to help them respond to the phishing incident, the client contacted SecureWorks. With the client’s approval, SecureWorks’ team of security professionals immediately began working to neutralize the phishing scam. Leveraging their expertise and experience in dealing with many phishing attacks, as well as key relationships with security organizations and anti-phishing groups, SecureWorks determined the location of the compromised server hosting the spoofed phishing site and worked with the local ISP to shut the phishing scam down. However, having dealt with increasingly sophisticated phishing tactics in recent months, SecureWorks’ team was certain the attack was not sufficiently countered. Expecting the hacker to have access to additional compromised servers, SecureWorks’ team worked with the client to keep constant vigilance over the client’s bounced email activity. Sure enough, in less than twelve hours the hacker re-established the phishing web site using another compromised server which was subsequently taken down by SecureWorks. This occurred twice more over the next three days, with SecureWorks locating the phisher’s “owned” servers and taking them down each time.
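The bounced-email monitoring described above, sketched as an added example (not part of the original newsletter and not SecureWorks' tooling). It assumes the phisher forged the institution's sender address, so undeliverable copies bounce back to the institution with the phishing link inside; the `xyzbank.example` names, addresses and sample bounces are constructed placeholders.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Assumption: hosts the institution really serves customers from (placeholders).
LEGIT_HOSTS = {"xyzbank.example", "www.xyzbank.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def returned_text(raw_bounce):
    """Collect text from every MIME part, including the returned original mail."""
    msg = email.message_from_string(raw_bounce, policy=policy.default)
    # walk() descends into the message/rfc822 part that carries the forged mail.
    return "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_maintype() == "text")

def suspect_hosts(raw_bounces):
    """Map each host outside LEGIT_HOSTS to the number of bounces linking to it."""
    counts = {}
    for raw in raw_bounces:
        hosts = {urlsplit(u).hostname for u in URL_RE.findall(returned_text(raw))}
        for host in hosts - LEGIT_HOSTS - {None}:
            counts[host] = counts.get(host, 0) + 1
    return counts

def make_bounce(phish_url):
    """Constructed sample: a simplified bounce that returns the forged message."""
    return (
        "From: MAILER-DAEMON@mx.recipient.example\n"
        "To: accounts@xyzbank.example\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; boundary="b1"\n\n'
        "--b1\n"
        "Content-Type: text/plain\n\n"
        "User unknown.\n"
        "--b1\n"
        "Content-Type: message/rfc822\n\n"
        "From: accounts@xyzbank.example\n"
        "Subject: Urgent account update\n"
        "Content-Type: text/plain\n\n"
        f"Update at {phish_url} or see https://www.xyzbank.example/help\n"
        "--b1--\n"
    )

# Two constructed bounces: the first spoofed site, then its replacement host.
SAMPLES = [make_bounce("http://203.0.113.7/update/login.php"),
           make_bounce("http://198.51.100.23/update/login.php")]
```

A host that first appears in `suspect_hosts` output after a takedown is the signal that the site has been re-established on another server.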
After the incident, SecureWorks’ team performed in-depth analysis to assess the severity and scope of the phishing incident. Based on the analysis, SecureWorks provided the financial institution with detailed findings describing the magnitude of the phishing scam and recommendations as to how they could reduce the risk of phishing attacks in the future. Working with the client’s IT staff, SecureWorks evaluated their response to the attack and helped develop a precise incident response plan that laid out the specific procedures, processes and responsibilities that should be followed to minimize the impact of future phishing attacks.
To summarize the incident for the client’s management and board of directors, SecureWorks also delivered a high-level post-incident report that discussed the impact the fraud attempt had on their members and overall business. With SecureWorks, the financial institution found a security partner they could count on to provide expert response and protect their business by countering phishing attacks quickly and effectively.
News & Events
Recent Threat Analyses
- SpamThru Statistics: Additional Analysis of the SpamThru Trojan (Published November 13)
- Botnet: Botnet Attack and Analysis (Published November 11)
- SpamThru: Analysis of the SpamThru Trojan (Published October 18)
Visit our Research Center Web Log regularly for additional security information and commentary from the SecureWorks Security Research Group.
Recent News
"Pump-and-Dump" Spam Surge Linked to Russian Bot Herders - eWeek
Small Companies Ignorant of Security? - TechRepublic
Newsletter Feedback
Please contact us if you wish to provide feedback on our newsletter or if you have any questions about SecureWorks and our services.
About SecureWorks
With over 1,600 clients, SecureWorks has become the largest managed security services provider, safeguarding more organizations than any other vendor. SecureWorks provides the most effective security services by leveraging our integrated security management platform, advanced security research, and 100% GIAC certified experts. Our services include:
- Security Management
- Security Monitoring
- Self-Service Security
- Professional Services
