A Q&A with Ondrej Krehel of LIFARS
Even as users become more educated about phishing attacks, attackers continue to up the ante, producing new and more credible-looking ways of tricking people into sharing personal information. I spoke with Ondrej Krehel, eRiskHub® security coach and CEO and founder at LIFARS about the latest round of phishing to hit Gmail users.
What is this new Gmail phishing attack?
Typically, phishing emails come with an attachment that people click. In this case, the attachment looks like a Google Doc you may be expecting and when it’s clicked, it prompts the user to enter a password.
What makes this attack so concerning?
It’s all about confusing the user who is engaging in the normal behavior of opening an email and an attachment that seems familiar. It looks and acts similarly to the real Google Docs platform, which often asks you to enter your credentials multiple times. It also mimics the domain of Google with “Goo.gl,” so if you were to hover your mouse over the link to the document it looks like a legitimate link. In Gmail, you can look up the “From” IP address, but it doesn’t automatically verify. Sometimes you get that “someone is logging in from an unknown device” email, but it’s very easy for people to spoof headers and credentials, use your account, and then contact all your friends and ask them to open the attachment.
What are the risks?
Your email account is essentially your identification on the internet. Think about all the credentials that are coming into it: you may have your passport or social security number, your health insurance accounts, or your tax returns. Many websites are set up to allow you to change your password as long as you correctly enter your email, so an attacker is able to do things such as access your bank accounts and wire money. Moreover, most people use one password across multiple sites; once an attacker has your credentials, they can then get into your account and access other sites you use.
How can users avoid getting caught up in this scheme?
Even at our company, I get 30 phishing attempts a week. They are extremely common. We know that the biggest industry challenge in fighting phishing attacks is that one provider does not have enough intelligence to block a phishing attempt. In the cloud, however, we can use sandbox technology solutions that can perform a validation and authentication of email messages. Two-factor authentication is crucial to securing important information. Another thing to be aware of is the typical phishing patterns. For instance, if a coworker emails you and tells you that they couldn’t access their corporate email and are now sending you a document for review, you should consider that suspicious. An attacker could have gotten hold of that identity and be using it as a means to gain credentials and other important information.
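The two warning signs raised in the answers above, a link whose visible text names one host while it really points at a shortener such as goo.gl, and spoofed headers that a receiving mail server's message authentication would catch, can both be checked mechanically. The script below is an added example written for this page; it is not code from LIFARS, eRiskHub, or Google. It assumes the receiving server stamps an Authentication-Results header (the RFC 8601 format, with spf=, dkim=, dmarc= results and the DKIM signing domain in header.d=) and that the body is HTML. The sample message, its addresses, and its link are constructed for the example, and the shortener list is illustrative, not exhaustive.

```python
"""Triage checks for a suspected phishing email (added example, not page code)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# URL shorteners that hide the real destination from a hover preview.
# Assumption: illustrative list only; extend it from your own telemetry.
SHORTENER_DOMAINS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}

# Constructed sample modelled on the lure described in the interview.
# Every header value and URL here is made up for the example.
SAMPLE_EMAIL = """\
From: "Jane Colleague" <jane@example.com>
To: victim@example.com
Subject: Document shared with you
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=attacker.example.org;
 dkim=pass header.d=attacker.example.org;
 dmarc=fail header.from=example.com
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Jane has shared a document with you.</p>
<a href="https://goo.gl/abc123">https://docs.google.com/document/d/EXAMPLE</a>
</body></html>
"""


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_authentication(msg):
    """Report SPF/DKIM/DMARC results that are not 'pass', and a DKIM signing
    domain that differs from the domain shown in the From header."""
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "")
    results = {k.lower(): v.lower()
               for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I)}
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) != "pass":
            findings.append(f"{check} did not pass ({results.get(check, 'missing')})")
    signer = re.search(r"header\.d=([\w.-]+)", auth)
    if signer and from_domain and signer.group(1).lower() != from_domain:
        findings.append(f"DKIM domain {signer.group(1)} does not match From domain {from_domain}")
    return findings


def check_links(html_body):
    """Flag links routed through a shortener, and links whose visible text
    names a different host than the real href (the hover-mismatch trick)."""
    parser = _LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real_host = (urlparse(href).hostname or "").lower()
        if real_host in SHORTENER_DOMAINS:
            findings.append(f"link uses shortener {real_host}: {href}")
        shown_host = (urlparse(text).hostname or "").lower() if "://" in text else ""
        if shown_host and shown_host != real_host:
            findings.append(f"link text shows {shown_host} but points to {real_host}")
    return findings


def triage(raw_email):
    """Run both checks over a raw RFC 5322 message and return all findings."""
    msg = message_from_string(raw_email)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    return check_authentication(msg) + check_links(body)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

On the constructed sample the script reports five findings: SPF and DMARC failures, a DKIM signature from a domain other than the one in From, a goo.gl shortener, and link text that names docs.google.com while the href points elsewhere. A clean message from the same domain, signed by that domain and linking where its text says, produces none. Note that a DKIM pass on its own proves nothing about who the sender claims to be; the alignment check is what ties the signature to the visible From address.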
We want to thank Mr. Krehel for his thoughts on this subject matter. In our role of supporting various cyber liability insurance underwriting companies, we are now seeing many cyber/data breach claims that were initially caused by a phishing attack. To Ondrej’s point, these attacks are very clever and can easily dupe an unsuspecting staffer into clicking on a link or attachment and thus help the attacker gain a toehold in the network. Gmail is just one of many methods.
Please visit your eRiskHub® to see Ondrej speak on topics like this at recent NetDiligence® cyber risk conferences. Also, within your Hub see the ‘PhishFight™’ anti-phishing training section. Finally, consider deploying a data breach crisis plan to help your organization mitigate a future cyber incident: Learn more about our Breach Plan Connect™ solution.