Cybersecurity Alert: Xrishing - A Dangerous New Attack

April 6, 2016

Threat Details

You may know that you should not open email attachments that you aren’t expecting, but what if you are expecting a document from a seemingly valid source?

Phishingis a type of social engineering attack in which an attacker sends e-mails to a broad group, not targeting you specifically. Spearphishing is when an attacker uses information about you to disguise the e-mail as legitimate, often much more convincingly than a phishing e-mail. Voice phishing, or vishing, is a similar type of attack, performed by phone, where the attacker attempts to collect information during a phone conversation.

A new, more dangerous type of social engineering attack has been identified which involves both vishing and spearphishing. The attacker first uses vishing techniques to gather personal information and then follows up with a spearphishing attack. ACA Aponix has named this type of attack xrishing (pronounced "krishing").

Threat Example

An attacker will contact you by phone, claiming to be from an organization, town, subscription, hospital, club, vendor or any counterparty with which you are affiliated or have conducted business. The attacker will not ask for any information about you, but will rather provide some information they know about you, such as your address. Once they have your attention, they’ll ask to send you information via e-mail, as an attachment. This attachment, when opened, will execute a macro containing malware.

ACA Aponix Recommendations

ACA Aponix recommends taking the following precautions when dealing with telephone calls that use or request personal information and with emails containing attachments:

  • Initiate contact using verified contact information where possible (e.g., call the caller back at a known number);
  • Be wary of all attachments;
  • Never enable macros on Microsoft® Office® documents;
  • Consider using alternatives to mainstream, highly targeted software such as Adobe® Reader®.

Please reach out to us if you have any questions: