Phishing emails that use fake traffic violations as bait are on the rise, CISA and the FBI warn.
The emails trick victims into downloading Trickbot, a notorious malware family. Each message urges the recipient to click a link to view proof of the alleged traffic violation, but the link leads to a spoofed website.
The website then prompts the victim to click the "photo proof" of the violation. Clicking it downloads a malicious program onto the victim's computer, and that program in turn downloads Trickbot.
Why you need to beware of phishing attacks using fake traffic violations
Trickbot was ranked as the top threat to businesses in 2018. Earlier versions were used mainly to steal login credentials from infected computers, but recent versions have grown into a modular platform for a much wider range of criminal activity. Newer variants can spread laterally across a network, steal data, mine cryptocurrency, and download additional malicious programs onto infected machines. It has also become a staging tool for ransomware attacks.
Last year, Microsoft carried out an operation to disrupt Trickbot. In October 2020 it announced that it had cut off key infrastructure used to spread the malware. The malware has since made a comeback.
According to the CISA-FBI warning, once Trickbot is installed through these phishing emails, the criminals also use it to:
- Drop other malware, including Conti ransomware
- Serve as a downloader for Emotet, another notorious malware family
Beyond that, the malware attempts to exfiltrate data from the infected computer, and the criminals can use it to steal credentials, mine cryptocurrency, and attack other computers on the same network.
Unfortunately, it can be difficult to tell a fake email from a genuine one, because criminals tailor their messages to mimic legitimate communication. It is therefore important to make sure your workers are trained to guard against such attacks.
You need an information security training program that covers topics such as:
- How phishing works
- How to identify spoofed emails
- How to report suspicious emails
You also need to train employees on secure email practices: how to examine the sender's email address, the embedded links, and any attachments before acting on a message.
Employees need to know about spear phishing as well. Because spear phishing emails appear to come from a trusted sender, they are harder to spot and therefore more damaging.
In our opinion, employers should couple security training with phishing tests. Such tests check how resilient your staff, and by extension your network, are to this kind of attack.
A phishing test sends a simulated phishing email to employees and checks whether they take the bait. These tests serve two purposes: they train employees to recognise the traits of a phishing email, and they help IT staff gauge how vulnerable the organisation is to intrusion. NIST's Phish Scale can be used to rate how difficult each test email is to detect, which puts the resulting click rate in context.
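The three manual checks above (sender address, embedded links, attachments) can be automated for first-pass triage. The following is an added example, not code from the article or from the CISA/FBI advisory: it parses a raw email, compares the From domain with Reply-To and Return-Path, flags links whose visible text points to a different host than the real destination or to a bare IP address, and flags attachments with risky extensions. The sample message, its domain names and IP address, and the extension list are all constructed for illustration, and the two-label "registrable domain" helper is a deliberate simplification.

```python
# Added example (not from the original article or the CISA/FBI advisory):
# triage a raw email the way the training guidance says a user should,
# but in code: sender headers, embedded links, attachments.
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample lure: mismatched Reply-To/Return-Path, a link whose
# visible text differs from its real target, and a script attachment.
SAMPLE_EML = """\
From: "Municipal Court Notices" <notices@court-notices-example.com>
Reply-To: collect@mail-relay-example.net
Return-Path: <bounce@mail-relay-example.net>
To: jane.doe@example.org
Subject: Traffic violation notice #48213 - photo proof attached
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A camera recorded a violation by your vehicle. View the photo proof here:</p>
<p><a href="http://203.0.113.7/proof/view.php">https://court.example.gov/violations</a></p>
</body></html>
--BOUNDARY
Content-Type: application/octet-stream; name="photo_proof.js"
Content-Disposition: attachment; filename="photo_proof.js"

not-really-a-script
--BOUNDARY--
"""

# Assumed list of extensions worth flagging; tune to your environment.
RISKY_EXTENSIONS = {".js", ".jse", ".vbs", ".hta", ".exe", ".scr",
                    ".lnk", ".iso", ".docm", ".xlsm"}


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Simplification: last two labels. A real tool would use the public suffix list.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def domain_of_header(msg, name):
    _, addr = parseaddr(msg.get(name, ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_sender(msg):
    """Flag Reply-To / Return-Path domains that differ from the From domain."""
    findings = []
    from_dom = domain_of_header(msg, "From")
    for hdr in ("Reply-To", "Return-Path"):
        dom = domain_of_header(msg, hdr)
        if dom and registrable_domain(dom) != registrable_domain(from_dom):
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    return findings


def check_links(msg):
    """Flag links to bare IPs and links whose shown host differs from the real host."""
    findings = []
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    parser = LinkExtractor()
    parser.feed(body.get_content())
    for href, text in parser.links:
        real = host_of(href)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real):
            findings.append(f"link to bare IP address {real}")
        shown = host_of(text if "://" in text else "http://" + text) if text else ""
        if shown and "." in shown and registrable_domain(shown) != registrable_domain(real):
            findings.append(f"link text shows {shown} but points to {real}")
    return findings


def check_attachments(msg):
    """Flag attachments whose file extension is in RISKY_EXTENSIONS."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} has risky extension {ext}")
    return findings


def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    return {"sender": check_sender(msg),
            "links": check_links(msg),
            "attachments": check_attachments(msg)}


if __name__ == "__main__":
    for category, items in triage(SAMPLE_EML).items():
        print(f"{category}: {items or ['no findings']}")
```

Any one of these findings on its own is not proof of phishing (legitimate bulk senders often use a different Return-Path domain, for example), but a message that trips all three categories is exactly the kind of "traffic violation" lure the advisory describes and should be reported rather than opened.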
At the same time, you need technical controls that help your IT staff handle the phishing threat. Spam filtering, blocklisting known malicious domains, restricting downloads of executable content, blocking Office macros, and flagging suspicious behavior all lower the rate at which attacks succeed.
Fighting phishing has to be a continuous effort. Fake traffic violations are just one of the lures cybercriminals use; pandemic-themed attacks that use vaccines and stimulus checks as bait are on the rise as well.
So make sure your staff understand the dangers posed by phishing and know what to do when they encounter such an attack.