Many security experts in the banking industry have recently seen an uptick in a sophisticated form of email social engineering that is targeting financial institutions. Because this scheme is both convincing and difficult to stop, we want to make sure our business and consumer customers are aware.
In this scenario, compromised email accounts are used to send encrypted messages to contacts in the compromised user’s address book. These are typically sent using Microsoft Purview, a legitimate and well-regarded email encryption solution. When these messages are opened, the recipient is typically enticed to click on a link, which takes them to a landing page where they are asked to log in. This landing page is malicious and harvests the credentials that are entered, allowing the bad actor to take over the recipient’s account if other controls such as multi-factor authentication are not in place. Once an email account is taken over, Outlook rules are put into place to prevent the user from becoming aware that their account was compromised.
This is a very difficult attack to prevent because it uses legitimate systems. A typical response would be to block the sender or the illegitimate emails, but the senders are legitimate, and the avenue, Microsoft Purview, is legitimate too. As a result, there are two ways to effectively handle this: user education and multi-factor authentication. *If you have not taken advantage of multi-factor authentication, now is a good time to implement it.
Please remember that if you receive an unexpected email, especially one that contains links or attachments or is an encrypted message, contact the sender personally before clicking links, opening attachments, or decrypting the message. If the email seems suspicious, be cautious! Additionally, if you have opened such an email recently, it’s better to report it to your IT and/or security team, if you have one, than to ignore it.
*If you have questions about multi-factor authentication and how Texas Republic Bank can assist you, please reach out to firstname.lastname@example.org, and Miguel Interiano or someone on his team will reach out to you.