Catch of the Day: Verify Email Phish
Chef’s Special: WormGPT Phish
Also serving: Happy Sys Admin Day
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from reliable sources on the Internet.
You can send phishing samples to me at email@example.com.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking an image will display it in a photo viewer app.
Wait… what exactly is SysAdmin Day? Oh, it’s only the single greatest 24 hours on the planet… and pretty much the most important holiday of the year. It’s also the perfect opportunity to pay tribute to the heroic men and women who, come rain or shine, prevent disasters, keep IT secure and put out tech fires left and right. Gifts appreciated.
Verify Email Phish
Received this phish on 2023-07-25 at 4:16 am. The Verify Email link resolves to https://vrdscvv.page.link/Cfirstname.lastname@example.org and then redirects to https://ipfs.io/ipfs/QmUKHMjrFNJhebdG2ND5KawphaoaHFxTuR9oXKd99kMNSxemail@example.com. We’ve seen this ipfs.io address before, and it indicates the attacker is using legitimate public resources for some of the hosting.
I’ve seen versions of this phishing email before, and I appreciate the effort at realism. The sender address is immediately suspicious since it is supposed to be from my email host, but somehow is coming from one of my email accounts. Here’s the email:
The destination landing page is also quite realistic, but the redirected web address is a clue that this is fake.
I ran the original web link address through VirusTotal and got this result. A single detection usually means the link and exploit are new.
The redirection link, however, has been used before in other similar exploits.
This exploit illustrates the importance of recognizing these types of phishing emails. Never trust a provided link without verifying it first. And watch those domains and web addresses on the landing page. The web links and addresses should all be some version of ionos.com, not ipfs.io.
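The domain check described above can be automated. The following is an added example, not part of the original post: it takes the hops of a link's redirect chain (as reported by a URL scanner or sandbox) and flags any hop that is not ionos.com or a true subdomain of it. The function names, verdict labels and sample URLs are constructed for illustration; only the hostnames page.link, ipfs.io and ionos.com come from the article.

```python
from urllib.parse import urlsplit

# Assumption: the brand the email claims to be from, per the article.
EXPECTED_DOMAIN = "ionos.com"
# Public hosting/redirect services seen in this phish, per the article.
PUBLIC_HOSTING = ("page.link", "ipfs.io")

def host_of(url):
    """Hostname the browser would actually contact (no user@ prefix, no port)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def review_chain(urls, expected=EXPECTED_DOMAIN):
    """Return (host, verdict) for every hop of a link's redirect chain."""
    brand = expected.split(".")[0]
    findings = []
    for url in urls:
        host = host_of(url)
        if belongs_to(host, expected):
            verdict = "ok"
        elif any(belongs_to(host, d) for d in PUBLIC_HOSTING):
            verdict = "public-hosting"
        elif brand in host:
            verdict = "lookalike"  # brand name used inside an unrelated domain
        else:
            verdict = "off-domain"
        findings.append((host, verdict))
    return findings

def is_trustworthy(urls, expected=EXPECTED_DOMAIN):
    """A link passes only if every hop stays on the expected domain."""
    return bool(urls) and all(v == "ok" for _, v in review_chain(urls, expected))

# Constructed samples: hosts from the article, placeholder paths.
PHISH_CHAIN = ["https://vrdscvv.page.link/EXAMPLE", "https://ipfs.io/ipfs/EXAMPLE-CID"]
# Constructed edge cases: userinfo trick, brand-as-subdomain, genuine subdomain.
EDGE_CASES = ["https://ionos.com@login.example.net/verify",
              "https://ionos.com.example.net/verify",
              "https://mail.ionos.com/verify"]

if __name__ == "__main__":
    for host, verdict in review_chain(PHISH_CHAIN + EDGE_CASES):
        print(f"{verdict:15} {host}")
```

Matching on the parsed hostname with a leading-dot suffix test is what keeps addresses that merely contain "ionos.com" somewhere in the URL from passing.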
A new generative AI model called “WormGPT” is being offered on cybercrime forums, according to researchers at SlashNext. While other AI tools, such as ChatGPT, have safeguards in place that attempt to curb malicious use, WormGPT is specifically designed to generate malicious output to support malware development and social engineering attacks.
“We conducted tests focusing on BEC attacks to comprehensively assess the potential dangers associated with WormGPT,” the researchers write. “In one experiment, we instructed WormGPT to generate an email intended to pressure an unsuspecting account manager into paying a fraudulent invoice.
“The results were unsettling. WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks. In summary, it’s similar to ChatGPT but has no ethical boundaries or limitations. This experiment underscores the significant threat posed by generative AI technologies like WormGPT, even in the hands of novice cybercriminals.”
WormGPT offers the following benefits for criminals conducting phishing attacks:
Exceptional Grammar: Generative AI can create emails with impeccable grammar, making them seem legitimate and reducing the likelihood of being flagged as suspicious.
Lowered Entry Threshold: The use of generative AI enables the execution of sophisticated BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a broader spectrum of cybercriminals.
Organizations should use a combination of technical defenses and employee training to defend themselves against these attacks. “Companies should develop extensive, regularly updated training programs aimed at countering BEC attacks, especially those enhanced by AI,” SlashNext says.
“Such programs should educate employees on the nature of BEC threats, how AI is used to augment them, and the tactics employed by attackers. This training should also be incorporated as a continuous aspect of employee professional development.”
New-school security awareness training enables your employees to make smarter security decisions.
Blog post with links and an example:
Earlier this week we became aware that malicious actors are using Wordfence brand image to run a phishing scam on WordPress and Wordfence users, posing as unknown login notifications from their own website while linking to a fake login page, clearly aiming to steal WordPress login credentials.