Your employees are the weakest link in your cybersecurity chain and cyber criminals are well aware of this weakness. This is why they have shifted their focus from targeting cybersecurity systems, databases, networks and best dedicated servers to employees and top-level executives who can be trapped with social engineering attacks such as phishing.

Phishing is one of the biggest threats for enterprise networks, which is why web browsers, email providers and even email gateways use anti-phishing filters and malicious address scanners. This has forced cyber attackers to look for tactics to circumvent these measures and tweak their phishing attacks so they can be effective. That is why they are now using delayed phishing attacks as compared to phishing attacks.

You must be wondering what phishing attacks are, how they work, and how you can protect your business from them. In this article, you will learn everything there is to know about delayed phishing to keep your business safe from it.

What is Delayed Phishing?

Delayed phishing is an attempt to attract a user to a malicious, but seemingly innocuous, website by using a post-delivery weaponized URL. Here’s how it works: A user receives an email containing a link to a real web page that has already been compromised but does not have any malicious content on it yet. The anti-phishing algorithm allows the email to pass through as it detects nothing fishy. As soon as the email is delivered, the cyber attacker changes the site’s content with malicious content before it can be opened by the victim.

How Delayed Phishing Attacks Trick Anti Phishing Filters?

Cyber criminals use three shady tactics to fool anti-phishing filters that have been placed to detect phishing attacks.

• Simple Link
• Short Link Switcher
• Random short link

Let us look at each one in detail to give you a better idea of how it works.

Simple Link

This type of attack only works when hackers have total control of the target website. They could have hacked that website or hijacked it. In some cases, they even create a complete website from scratch to fulfill their malicious design. Most cyber criminals prefer hijacking reputable websites for delayed phishing attacks as they are already highly authoritative websites and are trusted by users. Since security algorithms tend to check websites based on their reputations, they can easily get away with fraud. When the message is delivered, the link it contains usually points to a 404 error page or irrelevant building or horticulture site.

Short Link Switcher

Long URLs can be a hassle for users. They are hard to remember and not great for sharing on social media with word count limits for posts. There are many URL shorteners you can use to shrink the size of your links and make them easy to remember and share. However, there is a visible flaw with link shorteners. Unlike long links, they do not tell you where the link points to. What’s even worse is that cyber attackers can easily tweak the content hidden behind the short URL, a loophole they exploit consistently. Even though the link seems to be pointing to a legitimate source, cyber criminals can clandestinely change that to a malicious one.

Random Short Link

There are many link shortening tools that enable probabilistic redirection. When you click on the link, it may direct you to a legitimate website or a malicious one, at random. This tactic is used by hackers to confuse crawlers.

When Links Become Deadly?

Cyber attackers time these delayed phasing attacks around midnight, since they know that most victims would be fast asleep in the middle of the night. This gives the transgressors plenty of time to convert the delivered message content into a malicious one. When the victim wakes up, the email containing the link has already been delivered to their inbox and is waiting to be clicked.

Cyber criminals make sure to scrutinize the schedules of their victims and then launch the delayed phishing attacks accordingly. They usually activate the malicious link at a time when a victim is most likely to open their email inbox. Invest in cybersecurity training and awareness programs to educate your employees about these types of phishing attacks and tactics so they can be in a better position to protect themselves from any infringement.

How to Identify Delayed Phishing?

The easiest way to prevent delayed phishing attacks is to block the phishing link from reaching the users. Periodic scanning of the inbox can be an ideal choice as it can easily detect delayed phishing attempts. Make sure that your security suite is integrated with your email server so it can easily detect malicious messages. Keep the scanning frequency high so it can identify multiple delayed phishing attempts post-message delivery.

Monitor the internal emails as well, especially ones that pass through a security gateway. These are the messages that can go undetected unless you implement stringent content filtering rules. Some hackers try to compromise the business emails of top-level executives to gain access to corporate email accounts. This is where you need to control internal correspondence and make re scanning a priority.

Conclusion

Social engineering attacks, especially phishing and spear-phishing attacks, succeed due to a lack of user awareness and monitoring. Delayed phishing is no exception. You can easily prevent your employees from falling prey to delayed phishing by continuously monitoring and scanning their inboxes and educating them about social engineering attacks. The more aware your employees are about these types of attacks, the less likely they are to click on malicious links. Developing an understanding of how this attack works will go a long way towards developing effective strategies to mitigate their occurrence.

How do you protect your business from phishing attacks? Let us know in the comments section below.