Big Spike Seen In 'Person-To-Person' Malware Attacks

Cyber hackers have another devious way to spread malware -- they make victims believe they’re connecting by email with people they know, according to an advisory by AppRiver, an email and web security firm.

It begins when they send an email with a web link, the latter often embedded in a PDF. The goal is to get the victim to click on the URL and enter their information on a login page. The email often appears to come from a trusted provider.

Once the attackers have their hands on the person’s login credentials, “they have the ability to launch malware attacks from the trusted accounts of their victim and do not have to rely on the same social engineering tactics they normally do.”

AppRiver continues: “From the compromised account, the attacker then hijacks ongoing email conversations by sending a malware attachment in a REPLY to a prior, legitimate email conversation. To the end user, the message comes quite naturally as they were having a back-and-forth exchange with the individual.”

As ZDNet observes in a headline, this form of attack “steals your email and then fools your friends into downloading malware.”

AppRiver saw a major increase in phishing in 2017, much of it designed to “gather users’ login credentials to their preferred email provider. Ultimately attempting to compromise Office365, Gmail, Yahoo, AOL et al.”

The firm wondered what was next, and it found out in the autumn. Since January 1, it has recorded 34,000 of these CHA, or second-phase attacks — “an unparalleled spike,” it says.
