Scammers Invoke “No Such Agency” in latest spear phish

Finally! I can post a quick update without my usual “opinions are my own, this has nothing to do with my job” etc. disclaimer.

This actually DID come out of my workaday life, but I thought I’d share it here too.  We just posted on the Cyveillance blog about a new phishing attack that invokes both the NSA and the recent punking of RSA’s ubiquitous two-factor authentication tokens.  What I like about this one is it is a nearly perfect example of what Terry Gudaitis, James Carnall and I have been teaching in our Cyber Safety courses for years now.

Going back to On Rhetoric, my man Aristotle basically codified three ways you can manipulate people into doing what you want.  He called them Ethos, Pathos and Logos.  Given the head-tilt-blank-stare one usually gets referencing the classics these days, we now put them on slides as “invoking authority”, “leveraging emotions” and “manipulating verifiable facts or logic” to get someone to do what you want.  When you do it over a phone or computer, it’s called Social Engineering and it’s what I spend most of my days thinking about.

I like this particular example (and by like I mean I can admire the quality of their craft while still wishing the Phishers a cold small room in a ‘pestilential prison with a life-long lock’) because it so artfully blends these three levers of manipulation and as such is a nice representation of how deeply spear-phishers understand the psychology of social engineering users.

It invokes the authority of a respected and mysterious government agency (Ethos), it uses fear of being hacked or getting “in trouble” at work to prompt action (Pathos), and it takes advantage of current events in the form of the widely reported (i.e. verifiable fact) and recent RSA token hack (Logos).  This is a potent cocktail of logic, emotion and authority to manipulate the user into a desired action, and is typical of today’s advanced Phishers.

See the full post and a picture of the bogus message at:
