Note: Organizations have fallen victim to these attacks in the past week
We are currently observing a high volume of social engineering attacks coming from Gmail. The format of the account names is fairly consistent: three to four letters followed by three to five digits, for example XBFI1234. Other formats have been observed as well but are not consistent. Each of these messages asks for some sort of gift card and asks the recipient to be discreet.
If you receive a message from someone in your organization, whether from an external Gmail address or an internal one, and it seems odd, out of place, time sensitive, or secretive, use another method of communication to verify that the message is genuine. A phone call, SMS, or an in-person conversation are all out-of-band channels for email.
Internal controls such as a policy for outside email communication and financial transactions can be put in place to lower risk.
What action can be taken?
1) Educate your end users – Let your staff know what the threat is and what to look out for.
2) Consider blocking @gmail addresses – When threats increase, consider blocking addresses from domains such as gmail, outlook, hotmail, and others to reduce the attack surface.
3) These are impersonation attacks – This means the sender's actual email address does not match the person at your company they are impersonating. These are some of the easiest attacks to detect. If you are not sending your employees through regular security awareness training and running phishing simulations against them, contact us!
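The signals described above (a display name matching a staff member on mail from an external domain, a free webmail sender, the letters-plus-digits account format, and gift-card or secrecy language) can be checked on incoming mail headers. The following is an added Python example, not code from the original advisory; the staff directory, internal domain and sample message are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed sample directory and domain (hypothetical, not from the advisory).
INTERNAL_DOMAIN = "example.com"
STAFF_NAMES = {"jane doe", "john smith"}
# Free webmail domains the advisory suggests scrutinising or blocking.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com"}
# Account-name format described in the advisory: 3-4 letters then 3-5 digits.
ACCOUNT_PATTERN = re.compile(r"^[A-Za-z]{3,4}[0-9]{3,5}$")
# Phrases typical of gift-card requests and demands for secrecy.
SUSPECT_PHRASES = ("gift card", "urgent", "keep this between us",
                   "discreet", "discrete", "confidential")


def flag_message(from_header, subject, body):
    """Return the list of reasons a message looks like gift-card impersonation."""
    display_name, address = parseaddr(from_header)
    local_part, _, domain = address.rpartition("@")
    domain = domain.lower()
    reasons = []
    # Display name matches a staff member but the mail did not come from our domain.
    if display_name.strip().lower() in STAFF_NAMES and domain != INTERNAL_DOMAIN:
        reasons.append("display name impersonates staff from external domain")
    if domain in FREEMAIL_DOMAINS:
        reasons.append("sender uses free webmail domain")
    if ACCOUNT_PATTERN.match(local_part):
        reasons.append("account name matches letters+digits pattern")
    text = (subject + " " + body).lower()
    hits = [p for p in SUSPECT_PHRASES if p in text]
    if hits:
        reasons.append("gift-card/secrecy language: " + ", ".join(hits))
    return reasons


def is_suspicious(from_header, subject, body):
    """Flag when impersonation is present, or a freemail sender uses pressure language."""
    reasons = flag_message(from_header, subject, body)
    impersonation = any(r.startswith("display name") for r in reasons)
    freemail = any(r.startswith("sender uses") for r in reasons)
    language = any(r.startswith("gift-card") for r in reasons)
    return impersonation or (freemail and language)


if __name__ == "__main__":
    # Constructed sample message matching the advisory's description.
    hdr, subj, body = ('"Jane Doe" <xbfi1234@gmail.com>', "Quick favor",
                       "Can you buy gift cards for me today? Keep this between us.")
    print(hdr, "->", is_suspicious(hdr, subj, body), flag_message(hdr, subj, body))
```

A single freemail sender with no staff name and no pressure language is reported but not flagged, so legitimate external contacts on Gmail are not blocked outright by this check alone.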