Delayed phishing: discover the new tactic used by cybercriminals
It’s the same old story: cybersecurity is a game of cat and mouse. While IT professionals work tirelessly to ensure the safety of our information, criminals keep coming up with ways to overcome these protective barriers. A clear example of this is delayed phishing, a new means to deliver malicious e-mails that is becoming a hit among online criminals due to its efficiency.
And as strange as the name may seem, it is pretty accurate. In this scam, the message content is replaced with a malicious version only once the e-mail has been sent. Aware that companies protect themselves from traditional phishing scams through services that scan messages in search of suspicious content before delivery, some cybercriminal thought to himself: well, well, well, if the “problem” lies in the scans before delivering the malicious message, all that needs to be done is to send an apparently safe message, with links to normal pages and then change the content once it’s been delivered. Bingo!
Wolf in sheep's clothing
In short, delayed phishing manages to go unnoticed by the tools used to detect suspicious content in e-mail messages because when they are actually delivered, they don’t direct the recipient to any malicious content. Generally, they contain links to blank pages or a legitimate site that has been hijacked. The latter is a favorite among cybercriminals since the site probably already has a positive reputation and will pass through the filter with extreme ease. Finally, the message arrives in the inbox.
Hours later, the linked content that was originally harmless is updated and made malicious. But by then it’s too late. The user is likely to click on the link, assuming it’s a credible message. In most cases, the user is directed to a fake page simulating a famous brand or to some form that uses an argument to obtain and then steal your personal data. This change in content is usually performed at night.
Continuous monitoring
Despite it seeming tough to beat delayed phishing, there are already tools to protect client e-mails, which run continuous scans to identify malicious content. In other words, instead of simply analyzing a message when it arrives in the inbox, platforms monitor the e-mails continuously and immediately detect when any alteration is made to the content that is already stored locally in your inbox.
Additionally, it’s important that you, the end user, double your attention when it comes to suspicious e-mails, since, like traditional phishing, delayed versions may also present indications that you’re about to fall into a trap. Pay attention to the sender’s domain and other details like spelling mistakes or low-resolution images.