Dealing with a spoof mail attacks and phishing mail attacks a little story with a sad end - part 1#9

of 35 | Dealing with a Spoof mail attack and Phishing mail attacks | a little story
with a sad end | Part 1#9
Written by Eyal Doron | o365info.com | Copyright © 2012-2016
Dealing with a Spoof mail attack and Phishing
mail attacks | a little story with a sad end |
Part 1#9
In the current article, I would like to review the chain of events that occurs every time, again and
again, in a scenario in which the attacker manages to successfully execute a Phishing mail attack.
The reaction of the involved persons is known in advance, and the sad end of the story is known
in advance.
The main goal of the story is - to serve as a wakeup call, so you do not have to be a character in
the play of – Phishing mail attack!
The major challenges relating to the subject of Spoof mail attack and Phishing mail attacks are
1. The fact the Phishing mail attack is a sophisticated attack that includes many parts that
will need to deal with each one of them separately such as – Spoof mail attack.

2. Our ignorance about the way the Phishing mail attack work and executed.
3. Our fake confidence which is based on our mistaken assumption that our mail
infrastructure is protected and can deal with all this “mambo jumbo attack” stuff.
Why are we so arrogant?
The common denominator of IT people is - the strong believe, that he is some kind of Albert
Einstein, that knows everything there is to know about IT and security.
If we have the courage to admit, most of us not really know what is the meaning of Phishing
mail attack, what are the characters of Phishing mail attack, what are the different flavor of
Phishing mail attack, what is the difference between spam mail, Phishing mail attack or a Spoof
E-mail.

The bitter truth appears when and where we least expect it!
Your organization experiences a successful Phishing mail attack, in which the attacker manages
to cause a huge damage to our organization.
You feel like a bull rammed you!

The next emotion in our emotional rollercoaster is "panic."
We don’t know what is volume of damage, we don’t know if our network was infected with
malicious code to continue to damage our organization or, just sit and wait for the right
opportunity.
The real reason of the “panic” is the very reasonable suspicion that his ass is on fire!

The next emotion in our emotional rollercoaster is "anger."
The source for the "anger," is frustration.
The source of the frustration is because:
 We didn’t manage to identify and block the attack.
 The fact that we are faced with the simple truth, that says that we are not so smart as we
thought.
The anger outcome is - shouting and screaming at everyone below us or any other person that
who we can shout.

One of the most popular “objects” for channeling our frustration is - the companies, that
provide us some kind of service because, most of the time they will not answer back.
This is the last phase of our bad trip, which I describe as the "the silent grief phase."
This is the phase in which we manage to understand and accept that there is nothing that we
can do besides of accept the reality, and understand that the attacker was smart enough to revel
in our weak spot.

The conclusion
The drama which was described is not so special or unique to a specific origination.
It happened all the time to many organizations.
The only difference between the events is the name and the faces of the people that are
involved.

The sad story about a Phishing mail attack and the sad end
Let me tell you a story that happened long long time ago in a distant land.
SCENE NUMBER 1
In our little story, your name is Jeff, and you are the CIO of a company that belongs to the
financial sector named – “Don’t do anything and hope that everything will work out by itself."
It's 9:30 in the morning; the sun is shining.

You're sitting in your office, drinking a cup of hot coffee (no sugar because you need to
maintain your weight).
You log on to Facebook, and start to watch some boring video of a dog or a cat, doing
something.

Your phone is ringing.
On the line is Suzan, the personal assistant of Brad, the company CEO.
Suzan is asking you to urgently come to Brad’s office.

Your gut feeling is telling you that something is wrong!
You enter the Brad’s room.
Brad asks you to close the door behind you.
The facial expression of Brad is grave and serious.
Brad says:
"Jeff, let's make it simple and straight-forward.
Yesterday, I got an E-mail message from David (David is the company CFO) that asked me to
deposit 500, 000$ in a specific bank account.
The purpose of the deposit was an initial payment for a big acquisition deal, which is about to
take place soon.”
This morning, after a brief conversation with David, I understand that I was a victim of an ugly
fraud!

1. I want my money back!
2. I want you to locate the persons that carried out this ugly fraud + report the information to
the police!

3. I demand to know - how can it be that our security infrastructure that costs us so much
money, didn’t recognize and blocked this attack, and I demand to know who to blame and who
is the person that is responsible for this disaster!

SCENE NUMBER 2
You can hear your heart pounding.

You Instantly call Billy (the company IT manager), and ask him firmly, to reach your office
immediately.
Billy enters your office.
You ask Billy to close the door behind him.

You inform Billy about the "mess," waving your finger in his face.
You inform Billy that you need instant answers and that someone will have to pay the price!

SCENE NUMBER 3
Billy rushes into his office, finds Bob (the Help desk manager), and informs him about the
"issue."

Billy asks from Bob to immediately call the IT company, which planned and built our mail
infrastructure, and inform them that they will have to provide an accurate answer to the
following questions:
1. How did the hostile element manage to hack our system despite the advanced security
infrastructure that was supposed to protect our mail infrastructure?
2. How to identify with certainty the hostile element, and locate the hostile element which
carried out the attack?
3. How are they going to compensate us for the Indignities and the financial losses?

SCENE NUMBER 4
Bob calls the technical support of the IT company that built our mail infrastructure.
Bob informs them about the incident that happened, and present the list of questions.

The "other side", explains that this problem is not related to "their side" in any way, and that the
responsibility for protecting the organization mail infrastructure from such attack, is the
responsibility of the organization that owns the mail infrastructure meaning, our responsibility.

After an exchange of harsh words, Bob disconnects the call and informs Billy that the provider
refuses to help us and in addition, blames us for the "mess".

SCENE NUMBER 5
Billy (the company IT manager) picks up the phone, and calls the technical support of the
provider who built the mail infrastructure.

Billy asks politely but firmly to talk to Stephen, the manager!
Stephen explains that this problem is not related to "their side" in any way, and that
responsibility for protecting the organization mail infrastructure from such attack, is the
responsibility of the organization who owns and manages the mail infrastructure.

After an exchange of harsh words, Billy disconnects the call.

SCENE NUMBER 6
Billy calls you (just a quick reminder; you are Jeff the company CIO) and reports on the
conversation with Stephen.
The bottom line – Stephen that represents the IT company that built our mail infrastructure
declares that – they are not willing to take any kind of responsibility for this mess!

You ordered Billy to immediately summon a conference call, that includes yourself, Billy (the
company IT manager) and Stephen.

You start the phone conversation with some statement about the fact that you have decades of
experience in the field (usually, the magic number is 15 years).

You continue to the "threats phase", and clarify unambiguously that if he (the provider) will not
take responsibility, provide immediate answers and solve the mess, you will fire him, sue him,
and in addition, publish negative information about his company on Facebook.

Stephen says that he is very sorry, that he understands my pain, but nothing he can do to help
us in this scenario.

SCENE NUMBER 7
Clumping you enter the director's office.

You start to stutter and mumble about security risks, cyber-attacks, the difficulty in dealing with
the risks and threats of the modern work environment.
Brad (your CEO) informs you that you will have drawn the required conclusions.

SCENE NUMBER 8
Two years passed since you have been fired following the unfortunate incident.
You could not find another job (because of age and other reasons).
Your financial situation is not good, and you get a call from the bank on a daily basis.
After many reflections and obsessive thoughts, you decide that….

SCENE NUMBER 9
The wind blows in your face.
You're standing on a high bridge looking into the abyss which pours down!
Good-bye crawl word!

THE NEXT ARTICLE IN THE CURRENT ARTICLE SERIES IS
Dealing with a Spoof mail attack and Phishing mail attacks | a little story with a sad end |
Part 1#9

Dealing with a spoof mail attacks and phishing mail attacks a little story with a sad end - part 1#9

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (7)

Similar to Dealing with a spoof mail attacks and phishing mail attacks a little story with a sad end - part 1#9

Similar to Dealing with a spoof mail attacks and phishing mail attacks a little story with a sad end - part 1#9 (20)

More from Eyal Doron

More from Eyal Doron (20)

Recently uploaded

Recently uploaded (20)

Dealing with a spoof mail attacks and phishing mail attacks a little story with a sad end - part 1#9