A phishing campaign has found a loophole, hiding malicious URLs in email attachments, by turning them into Morse code.

In this post, we investigate how this supposedly outdated form of communication is making a comeback. We also provide helpful guidance on how you can protect your business against these sophisticated attacks.

Cybersecurity is advancing at a rapid pace. In response, cyber-criminals are adapting their tactics and strategies. They are becoming smarter in their attempts to evade security measures and achieve their objectives.

Attackers are shifting their approach, from using plaintext HTML code, to multiple encoding techniques. A recent phishing campaign, discovered by Microsoft, includes using old and unusual encryption methods, like Morse Code – the 1800s communication system that uses dots and dashes to represent each letter in the alphabet.

The attack starts with an email that features an HTML attachment. The document is made to look like an Excel invoice for the company it’s addressed to. When opened, a prompt appears requesting the user to enter their password. Once the password is entered, the attack has been a success.

The email attachment is encoded using a JavaScript code that maps the contents of the document into Morse Code. It appears harmless to conventional security mechanisms, and can therefore land in our inboxes.

On it’s own, the email attachment is not unsafe. However, comparable to a piece of a jigsaw puzzle, its malicious intent becomes clear when combined with its other segments.

Modern phishing campaigns are sophisticated, evasive, and relentless. They are now cited as one of the most common security threats an organisation may face.

So, what is phishing? and how can you protect your business against it?

What is Phishing?

First established in the 1990s, phishing is one of the oldest and most widespread cyber-scamming techniques. It is a type of social engineering whereby attackers try and coerce users into downloading a file or clicking a link. The ultimate goal of a phishing scam is to get users to unwillingly share sensitive information (such as usernames, passwords, credit card numbers or bank details), or install malware on their machines.

Phishing can be conducted via social media, text messages, phone or email. However, the term is most often used to describe email attacks. Phishing emails can reach millions of people in just a few clicks and are easily hidden amongst the dozens of benign emails we receive daily.

During a phishing attack, attackers masquerade as a trusted entity of some form. This might be a company the target does business with or a trusted brand such as Microsoft or Facebook.

Emails can appear genuine. They are constructed to be relevant and look professional with logos and sleek designs.  As a result, trusting recipients will perform these required tasks without a second thought.

Anyone can be targeted by phishing emails. Individuals might be caught up in mass campaigns, where attackers look to collect some new passwords or make some money. Alternatively, phishing emails are used as the first step in a targeted attack on a business. In these instances, the end goal can be a lot more specific – such as the theft of sensitive data.

Phishing attacks can have substantial negative impacts on individuals and businesses. By sabotaging computer systems and networks or stealing large sums of money, the repercussions can be drastic.

How to spot a phishing email.

Your primary defence against phishing emails is awareness. Knowing how to identify and report phishing attempts is key in protecting data and devices against this approach.

Here are six ways to spot a phishing email.

1. Urgent call to action or threats – users should be suspicious of emails that require you to click, call or open an attachment immediately or urgently. Often, they claim the recipient must ‘act now’ to avoid a penalty or claim a reward.
2. First time or infrequent senders – when you get an email from someone you don’t recognise – take a moment to examine the address extra carefully, before you proceed.
3. Poor spelling and bad grammar – If an email has any obvious spelling errors, poor punctuation, or grammatical mistakes, it could be a scam. These errors are sometimes a result of poor translation from a foreign language, or a deliberate attempt to evade security filters.
4. ‘Dear Sirs’ or ‘Dear Madam’ generic greetings ­– nowadays, it’s easy for organisations that work with you to personalise a greeting. Anything that starts with “Dear Sir” might be a red flag.
5. Email domains – if the email is being sent from a domain such as Hotma1l.com or micr0soft.com it’s probably a phishing scam. Be very careful to check for subtle misspellings of legitimate domain names like rnicrosoft.com, where the “m” has been replaced by an “r” and an “n”. These are common scammer tricks.
6. Suspicious links and unexpected email attachments – if an email contains suspicious links or email attachments – don’t open them. Most file sharing now takes place via collaboration tools such as Dropbox. Emails with attachments should always be treated suspiciously. Keep an eye out for the extensions, .zip, .exe, .scr. These are all commonly associated with malware files.

A multi-layered defence approach.

Whilst spotting a phishing email is a vital aspect of protection, the NSNC recommend a multi-layered approach to your defence. Improve your resilience by including more technical measures. Your company productivity will be undisturbed in the event a phishing scam success.

The guidance recommends splitting your defences into four layers:

1. Make it difficult for attackers to reach your users
2. Help users identify and report suspected phishing emails
3. Protect your organisation from the effects of undetected phishing emails
4. Respond quickly to incidents.

In the event a phishing email avoids detection, our solutions and support will provide end-to-end phishing mitigation. We ensure each of the four layers of phishing defences is in place and help you improve your protection. This will also accelerate your responses to this widespread form of cyber-attack. Contact us today to find out more.