Phishing Emails In Unusual Book Publisher Targeting Ploy From Guy Bunker

By   ISBuzz Team
Writer , Information Security Buzz | Oct 18, 2018 11:30 am PST

Following the news that several Global book publishing houses and an international scouting agency have warned their staff of a flurry on phishing emails that seek authors’ and phishers’ sensitive information, including book manuscripts.

Dr Guy Bunker, SVP of Products at Clearswift:

Guy BunkerPhishers are now targeting book publishers because it is just another way to make money from stealing access. It might be to threaten leaked information (from a bestselling author) and holding them to ransom. It might be to sell the manuscript to another publisher in a different part of the world. It can even be used as a next stage phishing campaign for fans of the book – ‘preorder with credit card details and receive the rest of the first chapter’. Of course, if the information the cyber criminals can get includes the author’s personal details then this too is useful, either to go after the author or impersonate them. For example,  for those who have published books, there could be a request to change the account where royalty payments are made.

 It is difficult for the user to prevent themselves from becoming a victim as they are not at fault by letting their information fall into unauthorised hands. However, they should remain vigilant for abnormal activity on their accounts – just in case they become compromised. As with any service an individual signs up for, it is worth ensuring that the service provider (book publisher in this case) has good information protection policies and procedures in place.

 In this case the phishing is primarily through impersonation or Business Email compromise (BEC). Education / Awareness is key to employees understanding the risk being faced. Organisations need to have a process in place so employees know who to go to should they suspect a phishing attack or believe they have fallen for such an attack. Finally, organisations should consider technology to enforce polices and processes and to keep the employees safe. From an email perspective this could be to ensure that an email security gateway is used which has specific features to prevent phishing and BEC. For example all external emails could be annotated with the fact that they are coming from external sources – or they could be quarantined if the displayed senders address is different from the one actually being used by the system (under the covers.) Additional rules can be set up to highlight email which is supposedly coming from authors / executives but which is not using their usual email address.

Phishing and the more directed whaling, minnowing and spear phishing is still rife. BEC is rapidly growing and more ‘successful’ in terms of fraud than ransomware. While phishing has been around for a relatively long time, it is become more sophisticated and organizations need to be more proactive to detect and prevent it from having an impact on their businesses. In a world where GDPR is now enforceable, a simple phishing attack could result in the exposure of personal details which in turn could result in a substantial fine, 20MEUR or 4% of global turnover. Putting in place a solution to mitigate the risk from phishing / BEC is just as important, or even more important, than ever. For those with email security gateways, ensure that all the anti-phishing features are enabled, including functionality like SPF,  DKIM and DMARC. As with all cyber-criminal activity there is no ‘safe’ industry or organization size – everyone is a target.”