The Enforcer Becomes the Victim
It is a mark of shameful arrogance when cyber criminals pose as none other than the police themselves. Often, hackers, once having attacked a mailbox or website, will leave behind taunting note on the web-pages/inboxes as a sign of their superiority. A recent event revolving around Delhi Police brought to light a sickening aspect of intrusion and hacking: a boldness that comes from thinking that since so many attacks slip through the nets, arrest is impossible.
Incident Report: Delhi Police Imitated for Phishing Emails
We all have a certain level of reverence for the law enforcement agencies. Sometimes, even a little bit of fear. How many times in the movies do we see a perfectly innocent person start running when a policeman arrives? We have created (maybe incorrect) impressions in our minds that policework is related to something dangerous or worrisome.
This is the sentiment that recent phishing campaigns exploited to the fullest.
Cyber criminals have been sending the phishing emails under the guise of Delhi Police. The emails are worded as a policeman might have. They are efficient in creating sudden panic and fear. The email subject line talks of a case of fraud that concern you. The ‘police’ have supposedly waited long enough and have escalated to a full-fledged fraud investigation against your company. The email further states that the details and various proofs are attached in the file, the link to which is part of the email body. It is a .rar file, titled ‘Fraud Notification.rar’.
Preventive Measures
It is really unfortunate that cybercriminals are taking such a route to spread fear and trick the victims. Law enforcement agencies like the police force always work with strict protocols. No solitary, random email from the police can ever be a cause for worry. Also pay attention to the email wording. The mannerisms are probably going to be perfect as a policeman’s. However a phishing email is going to be riddled with typos and grammatical errors not befitting a law enforcement agent.
The need of the hour is to have a strong email security service that can detect all kinds of advanced threats from your incoming mails, and also implementing DMARC for your outgoing mails, so that your domain is not impersonated by cyber criminals.
Email ATP Solution can combat advanced phishing threats and can expose links in an email containing malicious payload. With email becoming a common method of gaining access, we strongly encourage you fortify your company mailboxes.
With DMARC Monitor, you can expose fake sender’s addresses, who are sending emails using your domain names. This is done using SPF/DKIM protocols which work on the basis of encryption keys.
Stay Alert, Stay Safe.