EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

What does it mean to “Phight the Phish?”

EclecticIQ Threat Research Team October 15, 2021

Beware the Phish!

What’s the big deal about phishing? A lot, it turns out. We’ve all seen—but hopefully ignored—emails that looked a bit off: full of typos, sent from an unrecognized address, or about something we’re not interested in. At its most basic, phishing is a tactic that criminal actors use to get victims to open emails and email attachments, or to click on links which get the threat actor access to the victims’ personal information or computer network, often without the victim realizing what happened. Phishing remains one of the most popular attack vectors for potentially very disruptive ransomware and plenty of other cybercriminal activity.

Criminal organizations know that victims may click on phishing lures only a small percentage of the time, which is why they aim to send out as many lures as possible. On occasions when it does work, phishing can yield access to an individual’s personal data or to an organization’s protected internal network.

The current trend is that the number of phishing attempts made each year continues to grow, as does the damage from successful attacks. According to Proofpoint’s “2020: State of the Phish” investigation, two thirds of organizations around the world experienced a targeted phishing attack in 2020. (1)

Look Beyond the Phish: Smishing and Vishing

Criminals are creative and adapt their techniques and technology to catch people off guard. Enter phishing’s lesser known but equally dangerous cousins ‘smishing’ and ‘vishing.’ Smishing (SMS phishing) is any kind of phishing that uses a text message to deliver the lure. Vishing (or voice phishing) happens when a fraudster calls the victim posing as a reputable person or company, luring the victim into sharing confidential information such as banking credentials or personal identification data.

While the delivery format for each of these phishing types is different, the aim of the threat actors in each case is the same: they want to get access to devices, and to get ahold of personal data. The unique point about phishing, smishing and vishing is each of these tactics preys on human behavior to respond to the lure; without this victim participation, the attack will be unsuccessful. Criminals will try every way possible to get the data they’re after—while smishing and vishing may be slightly lesser known, they are lucrative and popular. According to the same Proofpoint study mentioned above, 61 and 54 percent of organizations surveyed faced smishing and vishing attacks in 2020.

EclecticIQ analysts tracked a smishing campaign targeting the U.K. and Ireland at the start of the year. The threat group impersonated Her Majesty’s Revenue and Customs (HMRC), U.K. delivery companies, and well-known U.K. and Irish banking and telecommunication organizations with the goal of stealing the victim’s banking details for financial gain. Below is one example of a smishing text received by an EclecticIQ researcher which impersonates a legitimate organization.

Countering Phishing at Every Step: Educate. Verify. Report.

Despite being cloaked in technology, phishing is all about people. On one end, there are threat actors behind the phishing lures, and on the other end are victims who unknowingly take the bait. The good news is that protecting oneself and one’s organization is relatively easy.

  • Educate: Phishing attempts are all about human nature: the social and psychological drives that tempt users to open emails, click on links, or answer questions when asked. Organizations must take steps to educate their staff about this threat—and most do. The best education, however, will be cyclic and repetitive. Iterative education programs keep the nature of the threat in the forefront of the mind—and will adapt along with threat actors’ TTPs. Cofense has a good list of phishing indicators here. (2)
  • Verify: Any legitimate inquiry should be able to be validated another way or through a second source. For example, if an email arrives to a work account, the IT department should be able to verify whether or not it is legitimate. If an email appears to come from within your organization, a conversation with a colleague can help determine if it is legitimate. The old adage “trust but verify” won’t work with this threat—now it’s “don’t trust, verify first.”
  • Report: In the unfortunate event of a successful scam, report the event to the authorities. Netherlands based victims are encouraged to report scams to the Dutch National Anti-Fraud Hotline. (3) In the U.S., complaints should be filed with the FBI’s Internet Crime Complaint Center (IC3). (4) U.S. citizens who are victims of international crimes should report them to the Federal Trade Commission. (5)

Appendix

  1. https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-state-of-the-phish-2021.pdf
  2. https://cofense.com/knowledge-center/signs-of-a-phishing-email/
  3. https://www.fraudehelpdesk.nl/fraudhelpdesk-the-dutch-national-anti-fraud-hotline/
  4. https://www.ic3.gov/
  5. https://www.ftc.gov/news-events/audio-video/video/report-international-scams-econsumergov

Receive all our latest updates

Subscribe to receive the latest EclecticIQ news, event invites, and Threat Intelligence blog posts.

3 more posts you might like

All Blog Posts (127)

Explore all topics

© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.
Get demo