Posted on August 10, 2017 in Identity & Privacy, Personal

The digital age we’re living in has become a time of outstanding growth, change, and technological advances. However, for all of the progress we’ve made, hackers and cyber criminals have also been improving and streamlining their strategies. Every time a new method for protecting information has been discovered, another hacker is diligently working to figure out some kind of work-around. And, at this point, they’re succeeding—according to digital risk intelligence broker Digital Shadows, 97 percent of the world’s largest 1,000 organizations had credentials exposed last year.

Why are hackers doing this? Because they can and there’s plenty of money to be made. Some will use the information to steal a person’s identity and take out credit cards and bank loans in his or her name, while others just focus on selling the information on the Dark Web.

In the quest to make more money, hackers have stepped up their games to compete with new security measures, as well as a more general ability among consumers to spot a blatant scam. One way they are doing this is by creating multi-tiered infection campaigns.

In the past, breaches, scams, and phishing attempts have appeared to be fairly one-dimensional. An email is sent, a phone call is made, or a system is broken into—then the information is stolen and sold or used to steal the victim’s identity. With a multi-tiered infection campaign, though, there’s more to the entire process.

A recent Inc. article does an excellent job explaining how multi-tiered infection campaigns work. It used DocuSign’s data breach from May 2017 as an example of how cyber criminals are taking multiple steps to launch a “successful” identity theft initiative. Here’s how the DocuSign breach worked:

  1. DocuSign’s systems were breached and thieves took only customer email addresses.
  2. Thieves created fake DocuSign-branded emails and sent them to the owners of the stolen email addresses. The message tried to persuade the recipient to click on a Microsoft Word attachment; the attachment contained malware.
  3. While the exact purpose of the malware is not known for sure, it may have been to hack into the networks of any DocuSign customer using a corporate email. Once the customer opened the attachment and the malware went to work, the hackers may have been able to access another corporate email system.
  4. Once the cyber criminals were able to get into other corporate email systems, they could have the ability to send more malware-laced messages from real email servers—making their spoofed emails look even more real to unsuspecting recipients and increasing their chances of getting around spam filters.

For consumers who have tried to do their homework on how to identify phishing scams and identity theft attempts, multi-tiered infection campaigns can be extremely frustrating. One of the telltale signs of a phishing email can be an email address that seems a little “off”—but what are you supposed to do when the email address is totally legitimate?

It is harder to identify a phishing scam when the thief uses a real email address, but the other rules of spotting a phishing email still apply. If you’re not sure what to keep an eye out for, take a look at our blog on the topic by security expert Robert Siciliano.