DNS whitelist with Sandbox Browser

      When Amazon offers you a job

      Cybercriminals use the LinkedIn and Amazon brand names in a new phishing attack

      · phishing,amazon,linkedin

      What would you do if you received this message on LinkedIn?


      Phishing attacks are a nightmare for security managers, and for good reasons. The vast majority of successful breaches (over 70% according to research) start with a phishing attack. Compared to other attack vectors, phishing is less costly and easier to execute on a large scale. And because it relies heavily on human error to succeed, it is harder to prevent. Software tools and staff training do help, but some attacks are so well built that it is easy to see why we are all potential victims. In this case, it takes only one tired office worker, maybe at the end of their shift, maybe unsatisfied with their current job, to fall for this scam.

      Allison Charnews looks like a legitimate Amazon employee and offers you a job via DM, as a C-suite executive, no less. Her LinkedIn account states she is indeed an employee at Amazon. This sounds almost too good to be true, but wouldn’t you at least want to check the job description? When we click the link to see more details about the JD, we are sent to a lookalike M365 login page. We input our credentials, and we are shown the job description.


      Except that was not the real M365 login page: we just handed our M365 credentials, and with them access to all our M365 data (emails, files, chat, possibly third-party apps and so on), to the attacker.

      Are we helpless against phishing?

      The problem is that our eyes are very easily deceived, and we likely did not notice that the URL of the M365 lookalike site was not on outlook[.]office[.]com. Unfortunately, traditional web filtering via a firewall or advanced anti-virus would also likely have failed us in this case, as it is unlikely they would have had dsdstaffing[.]cc on their blacklist. This is why at AP Lens we have reversed the approach.

      The game changer 

      Instead of trying to identify unsafe sites in order to block them, AP Lens goes the other way.

      In a work environment, employees tend to spend most of their time on a relatively small number of sites. These websites are whitelisted by AP Lens, and users can browse them as usual. Other websites, which have not been vetted and might be unsafe, are displayed on the user's device via the AP Lens sandbox browser running on a cloud server. In the case above, if the user is protected by AP Lens, before being redirected to the attacker’s website dsdstaffing[.]cc they will be warned that they are about to visit a non-vetted, non-whitelisted site on which it is not recommended to input any credentials if asked. The user will also have been made aware that they are not on the real M365 website, which they can open without being redirected.
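The default-deny routing described above can be sketched as follows. This is an added example, not AP Lens code: the allowlist entries, the function names and the sample URL paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; a real deployment would load the
# organisation's own vetted domains.
ALLOWLIST = {"office.com", "linkedin.com"}


def hostname_of(url: str) -> str:
    """Return the lower-cased host the browser would actually connect to."""
    url = url.replace("[.]", ".")        # accept defanged input such as dsdstaffing[.]cc
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""  # .hostname ignores userinfo and port
    return host.rstrip(".").lower()


def is_allowlisted(host: str, allowlist=ALLOWLIST) -> bool:
    """Match whole DNS labels only: the host equals an entry or is a
    subdomain of it. A plain substring or prefix test would also accept
    hosts that merely contain a vetted name."""
    return any(host == d or host.endswith("." + d) for d in allowlist)


def decide(url: str) -> dict:
    """Only vetted hosts open directly; everything else is isolated."""
    host = hostname_of(url)
    if host and is_allowlisted(host):
        return {"host": host, "action": "direct", "warn": False}
    # Unknown host: render in the isolated browser and warn the user
    # before any credentials are entered.
    return {"host": host, "action": "sandbox", "warn": True}


if __name__ == "__main__":
    # Constructed sample URLs; only the two domains come from the article.
    for sample in ("https://outlook.office.com/mail/",
                   "https://dsdstaffing[.]cc/jd"):
        print(sample, "->", decide(sample))
```

The decision never depends on the unknown site appearing on a blocklist, which is why a newly registered domain is still routed to the sandbox.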

      Update: 

      It turns out that Allison’s LinkedIn profile had itself been hacked in order to perform this attack, as stated on their LinkedIn page a few days after the attack had been reported to us.
