Organizations have fallen victim to Gmail phishing attacks

We are observing a high volume of social engineering attacks coming from Gmail. The format for the account names seems to be fairly consistent. Three to four letters and 3 to five numbers. XBFI1234 is an example of the format. Other formats have been observed as well but are not consistent. Each of these messages is asking for some sort of gift card and they are asking the recipients to be discrete.

If you received a message from someone in your organization, either external from a Gmail or internal, and it seems odd, out of place, time-sensitive, or secretive then please use another method of communication to verify the validity of the message. Urgent return phone calls, SMS, and requests for in-person are all examples that are out of band for email.

Internal controls such as a policy for reviewing outside email communication and requests for online financial transactions should be put in place to lower risk.

What action can be taken?
1) Educate your staff – Let your staff know what the threat is and what to look out for.

2) Consider blocking @gmail addresses – When threats increase, consider blocking addresses like gmail, outlook, hotmail, and others to reduce the attack base.

3) These are impersonation attacks – This means the actual email address doesn’t match the person at your company they are impersonating. These are some of the easiest attacks detected. If you are not requiring your employees to go through regular security awareness training and phishing them, contact us!