Sophos Phishing Protection

Thanks to the Sophos Security Team for their help with this article.


Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam.

Here’s a tasteless and exploitative example, reported to us by the Sophos Security Team, of a current scam that uses the coronavirus as its lure:

The email, which carries the logo of the World Health Organization, states:

Go through the attached document on safety measures regarding the spreading of corona virus.


Click on the button below to download

Symptoms common symptoms include fever,coughcshortness of breath and breathing difficulties.

Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems.

The link you’re asked to click on is similarly, and fortunately, dubious.


Firstly, it seems to be a compromised music site with a weird name that doesn’t have any obvious connection to any well-known health organisation; secondly, it is an HTTP site, not an HTTPS site, which is sufficiently unusual these days to be suspicious in its own right.

Nevertheless, the scam page itself is incredibly simple – it can’t have taken the crooks more than a few minutes to put together – and visually effective.

The fake page consists of the official, current home page of the World Health Organisation (WHO), with an unassuming popup form on top of it.

It doesn’t just look like the WHO’s page in the background, it is the WHO’s page, rendered in a frame that’s embedded in the fake site:
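The reason the crooks can show the genuine WHO page behind their form is that a site which sends no anti-framing header can be rendered inside any other origin's frame. The defensive counterpart is for the legitimate site to send `Content-Security-Policy: frame-ancestors 'none'` (or the older `X-Frame-Options: DENY`). The following Python is an added example written for this article, not code from Sophos or from the WHO; the response headers it inspects are constructed samples, and the embedder origin `https://phishing.example` is a placeholder.

```python
"""Audit HTTP response headers for anti-framing protection (added example).

A phishing page can only embed the genuine site in an <iframe> if that site
permits framing.  Browsers honour CSP `frame-ancestors` first; when it is
absent they fall back to `X-Frame-Options`.  `ALLOW-FROM` is obsolete and
ignored by current browsers, so it is treated here as no protection.
"""
from typing import Dict, List, Optional


def _csp_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_allowed(headers: Dict[str, str],
                    embedder_origin: str = "https://phishing.example") -> bool:
    """True if a page served with these headers could be framed by embedder_origin.

    Source matching is deliberately simplified: 'none', 'self', '*' and exact
    origins are handled; scheme-only and *.example wildcards are not.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    embedder = embedder_origin.lower().rstrip("/")

    ancestors = _csp_frame_ancestors(lowered.get("content-security-policy", ""))
    if ancestors is not None:
        if "'none'" in ancestors:
            return False
        for src in ancestors:
            if src == "*" or src.rstrip("/") == embedder:
                return True
        # Only 'self' or other, unrelated origins were listed: the embedder is refused.
        return False

    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return False  # the embedder is a different origin in both cases
    # No header, or obsolete ALLOW-FROM: nothing stops a third-party frame.
    return True


# Constructed sample responses, one per protection style.
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_partner": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "xfo_obsolete": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
}


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, bool]:
    """Map each sample name to whether a phishing origin could frame it."""
    return {name: framing_allowed(hdrs) for name, hdrs in responses.items()}


if __name__ == "__main__":
    for name, framable in audit(SAMPLE_RESPONSES).items():
        print(f"{name:14s} framable by a third party: {framable}")
```

Run the block directly to see which of the constructed responses a phishing site could embed; only the unprotected response and the obsolete `ALLOW-FROM` case come out as framable.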

You can see why someone who’s nervous about the coronavirus issue, or who has friends and family in the main areas of infection, or who wants to do the right thing by learning more about preventing the spread of the disease…

…might fill in the form, perhaps because they are feeling pressurised by (or not thinking clearly because of) the subject matter.


Indeed, many companies have already sent emails to their staff to offer advice, so reading additional information that is allegedly from the WHO sounds like a sensible and responsible thing to do.

Of course, if you put in your email address or your password and click through, you’ll be submitting the filled-in web form to the crooks.

Worse still, you’ll be submitting it over an unencrypted connection.

So anyone else on the same network as you, for example in your hotel lobby or the coffee shop, could potentially capture your network traffic and see the username and password you just put in.

Once you’ve clicked the [Verify] button, the crooks simply redirect you to the real WHO site at who DOT int, which looks just like the previous page you were on, minus the popup form…

…with the rather obvious exception that the address bar now looks (and is) correct, displaying the genuine WHO website name, showing a padlock and – if you click through and view the web certificate – a certificate that shows up as issued to the WHO itself.

What to do?

  • Never let yourself feel pressured into clicking a link in an email. Most importantly, don’t act on advice you didn’t ask for and weren’t expecting. If you are genuinely seeking advice about the coronavirus, do your own research and make your own choice about where to look.
  • Don’t be taken in by the sender’s name. This scam says it’s from “World Health Organization”, but the sender can put any name they like in the From: field.
  • Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take the extra time to review messages for telltale signs that they’re fraudulent – it’s bad enough to get scammed at all without realising afterwards that you could have spotted the fraud up front.
  • Check the URL before you type it in or click a link. If the website you’re being sent to doesn’t look right, stay clear. Do your own research and make your own choice about where to look.
  • Never enter data that a website shouldn’t be asking for. There is no reason for a health awareness web page to ask for your email address, let alone your password. If in doubt, don’t give it out.
  • If you realise you just revealed your password to imposters, change it as soon as you can. The crooks who run phishing sites typically try out stolen passwords immediately (this process can often be done automatically), so the sooner you react, the more likely you will beat them to it.
  • Never use the same password on more than one site. Once crooks have a password, they will usually try it on every website where you might have an account, to see if they can get lucky.
  • Turn on two-factor authentication (2FA) if you can. Those six-digit codes that you receive on your phone or generate via an app are a minor inconvenience to you, but are usually a huge barrier for the crooks, because just knowing your password alone is not enough.
  • Educate your users. Products like Sophos Phish Threat can demonstrate the sort of tricks that phishers use, but in safety so that if anyone does fall for it, no real harm is done. Sophos also has a free anti-phishing toolkit which includes posters, examples of phishing emails, top tips to spot a phish, and more.
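The warning signs the article walks through (a From: display name that claims to be the WHO while the address belongs to an unrelated site, a plain-HTTP link, and a link host with no connection to who.int) are the same checks a mail-filtering rule or a user-education tool can apply mechanically. The Python below is an added example for this article, not Sophos code: the sample messages are constructed, `some-music-site.example` stands in for the compromised site the article describes, and the `KNOWN_ORGS` table is an assumption that you would extend with the organisations your own users are likely to see impersonated.

```python
"""Score an email for the phishing indicators described in the article (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List
from urllib.parse import urlparse

# Display names a lure is likely to borrow, mapped to the domain that organisation
# really uses.  The WHO entry comes from the article; everything else is yours to add.
KNOWN_ORGS = {
    "world health organization": "who.int",
    "world health organisation": "who.int",
}

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def registrable(host: str) -> str:
    """Last two labels of a hostname (naive: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _body_text(msg) -> str:
    """Concatenate the decoded text/html and text/plain parts of a message."""
    parts = [p for p in msg.walk() if p.get_content_type() in ("text/html", "text/plain")] \
        if msg.is_multipart() else [msg]
    return "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts
    )


def triage(raw_message: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    claimed = KNOWN_ORGS.get(display_name.strip().lower())
    findings = []

    # 1. The sender can put any name in From:, so compare the name with the address.
    if claimed and registrable(sender_domain) != claimed:
        findings.append(f"sender: display name claims {display_name!r} "
                        f"but address is @{sender_domain}")

    for href in HREF_RE.findall(_body_text(msg)):
        url = urlparse(href)
        host = url.hostname or ""
        # 2. Credential forms served over plain HTTP expose data to the local network.
        if url.scheme.lower() == "http":
            findings.append(f"link {href}: plain HTTP, not HTTPS")
        # 3. A link that does not lead to the organisation named in From: is suspect.
        if claimed and registrable(host) != claimed:
            findings.append(f"link {href}: host {host} is not {claimed}")
    return findings


# Constructed sample: the shape of the lure the article describes.
SAMPLE_EMAIL = """\
From: "World Health Organization" <newsletter@some-music-site.example>
To: recipient@example.com
Subject: Safety measures regarding the spreading of corona virus
Content-Type: text/html; charset="utf-8"

<p>Go through the attached document on safety measures.</p>
<p><a href="http://some-music-site.example/who/verify">Click on the button below to download</a></p>
"""

# Constructed sample of a message that raises none of the three indicators.
CLEAN_EMAIL = """\
From: "World Health Organization" <noreply@who.int>
To: recipient@example.com
Subject: Update
Content-Type: text/html; charset="utf-8"

<p><a href="https://www.who.int/emergencies">Read more</a></p>
"""

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, triage(raw) or ["no findings"])
```

The sender check only fires when the display name matches a known organisation, so it flags impersonation rather than every newsletter from a third-party mailer; the HTTP check fires regardless, since, as the article notes, an unencrypted site is unusual enough today to be suspicious on its own.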


Protect your Microsoft Office 365 users from malicious emails.

Restriction: You can only use this feature if you've joined the Early Access Program.

With O365 Security you can set up Post delivery protection. This includes Auto search and destroy, which searches your users' Microsoft Office 365 mailboxes to identify and quarantine malicious emails.


You must add your Microsoft Office 365 tenant domains to Sophos Central in Email Gateway Dashboard > Addresses and domains before you can use Post delivery protection.

Restriction: You must be a Super Admin to set up and manage connections to your Microsoft Office 365 tenants.

Set up O365 Security

When you set up O365 Security you must give permission for Sophos applications to access your Microsoft services. This allows us to scan users' inboxes for malicious emails.

You can find out how to set up O365 Security and turn on Auto search and destroy in Setup Post delivery protection.

Manage Microsoft Office 365 connections

You can see the status of connections to your Microsoft Office 365 tenants in Overview > Global settings > Domain Settings / Status.

For more information see Domains Settings/Status.

Manage quarantined messages

Auto search and destroy automatically looks for malicious emails from your users' inboxes, and quarantines them. You can find quarantined emails from Office 365 users in Email Gateway Dashboard > Quarantined Messages > Post delivery quarantine.

For more information see Quarantined Messages.

Reports

O365 Security reports are available in Overview > Logs & Reports > Post delivery summary.

For more information see Post delivery summary report.
