March Madness — Phishing? How many of your employees do you think will be swapping, and opening, basketball-themed emails throughout the NCAA play-offs?
McAfee turned up a good example of plausible, well-timed phishbait recently. A malicious Word document was circulated to South Korean targets interested in the Winter Olympics, particularly targets involved with hockey. The timing coincided with pre-Olympic drills the Republic of Korea’s National Counter-Terrorism Center was actually holding around Pyeongchang, and the corporations blind-copied on the email had some involvement with the Winter Olympics, so an Olympic-themed message landing in their inboxes would be unlikely to arouse suspicion.
The recipient is advised to “enable content” so the document is visible in their version of Microsoft Word. That prompt is the pivot: the document displays fine without it, but clicking “enable content” turns on the macros Word had blocked, and the macro then launches a PowerShell script hidden in a convincing-looking logo image. So this was sophisticated social engineering, with good target selection, attractive phishbait, and nice timing.
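The chain described above (document opened, content enabled, Word launches PowerShell) leaves a process-creation trail that endpoint telemetry can catch even when the email filter did not. The following detector is an added example, not code from the original article or from McAfee’s report. It assumes Sysmon-style Event ID 1 records flattened to `key=value` lines (a hypothetical export format); the four sample lines are constructed for illustration, and the encoded command in the first one is just the UTF-16LE Base64 of `IEX`.

```python
"""Flag Office applications spawning script hosts in process-creation logs.

Added example, not from the original article or McAfee's report. Input is
assumed to be Sysmon Event ID 1 (process create) records flattened to
key=value lines; the SAMPLE_LOG entries below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Office applications whose documents can carry macros that launch children.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Script hosts and living-off-the-land binaries a macro typically spawns.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

# Command-line fragments common in macro-launched PowerShell stagers.
SUSPICIOUS_ARGS = [
    r"-enc(odedcommand)?\b",
    r"-nop\b|-noprofile\b",
    r"-w(indowstyle)?\s+hidden",
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b|invoke-expression",
    r"frombase64string",
]

# key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Alert:
    record_id: str
    parent: str
    child: str
    reasons: List[str]


def parse_kv(line: str) -> Dict[str, str]:
    """Turn one flattened record into a dict, stripping value quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert per process-create event where an Office parent
    spawned a suspicious child or passed stager-like arguments."""
    alerts: List[Alert] = []
    for line in lines:
        rec = parse_kv(line)
        if rec.get("EventID") != "1":          # only process-create events
            continue
        parent = basename(rec.get("ParentImage", ""))
        child = basename(rec.get("Image", ""))
        if parent not in OFFICE_PARENTS:
            continue
        reasons: List[str] = []
        if child in SUSPICIOUS_CHILDREN:
            reasons.append(f"{parent} spawned {child}")
        cmd = rec.get("CommandLine", "").lower()
        for pat in SUSPICIOUS_ARGS:
            if re.search(pat, cmd):
                reasons.append(f"command line matches /{pat}/")
        if reasons:
            alerts.append(Alert(rec.get("RecordId", "?"), parent, child, reasons))
    return alerts


# Constructed sample records (not real telemetry). 101 is the macro -> PowerShell
# pattern from the article; 102 is an unrelated shell; 103 is Word launching the
# print-spooler helper, a benign child that must not alert; 104 is a network event.
SAMPLE_LOG = [
    'RecordId=101 EventID=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'ParentImage="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" '
    'CommandLine="powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc SQBFAFgA"',
    'RecordId=102 EventID=1 Image="C:\\Windows\\System32\\cmd.exe" '
    'ParentImage="C:\\Windows\\explorer.exe" CommandLine="cmd.exe /c dir"',
    'RecordId=103 EventID=1 Image="C:\\Windows\\splwow64.exe" '
    'ParentImage="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" '
    'CommandLine="splwow64.exe 12288"',
    'RecordId=104 EventID=3 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'DestinationIp=203.0.113.10 DestinationPort=443',
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"[ALERT] record {a.record_id}: {a.parent} -> {a.child}")
        for r in a.reasons:
            print(f"         - {r}")
```

Only record 101 fires (four reasons: the parent/child pair plus the `-Enc`, `-NoP` and `-W Hidden` switches); the spooler helper in 103 is ignored because neither its name nor its arguments match. The preventive counterpart to this detection is the Office policy that blocks macros in files downloaded from the internet, which removes the “enable content” button the lure depends on.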
Your organization might consider training for other periods when this kind of approach might be tried again – such as March Madness?! Strengthen your human firewall, because automated filters are unlikely to catch it all.