New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Phishing Isn’t Just for Money

Scammers have tried to rip off computer equipment suppliers with targeted phishing emails that impersonate the Texas Department of State Health Services (DSHS) commissioner. The scammers did their homework and crafted a very credible looking message with details that would look legitimate on a quick search. In an email to a company’s sales department, the scammers requested a quote for 20 touchscreen laptops and 200 portable hard drives. The email impersonated John William Hellerstedt, the acting commissioner of the Texas DSHS, and appears to be from the legitimate domain of the agency. Abnormal Security, an email protection company, has done the investigation on this incident and has found that the ‘reply-to’ field came back to a different email address that pretends to belong to the city of New York and was registered two months ago. Abnormal Security stated that they believe that the email was trying to trick the supplier into delivering the products to an address selected by the scammers for resale at their convivence.

Analyst Notes

Phishing emails continue to be the primary method of scamming for attackers. Anti-virus and EDR programs are excellent at preventing most malicious programs, but they cannot prevent human errors in judgment. When an individual receives an email that requests a transfer of products or finances, or information of a sensitive nature, the recipient should verify the email by directly contacting the sender via a phone call or by finding their email through the organization’s directory. If the reply-to address of an email message is different from the apparent sender’s address, that should trigger additional scrutiny. If an email is received that asks for login information or leads to a web page that mimics a login page, the email should be immediately treated with suspicion.