Polymorphic phishing is a type of email phishing attack that has been used since around 2016. Initially, it automatically generated thousands of different URLs leading to malware pages as a way to beat anti-phishing defenses. Now attackers send infected emails asking recipients to click on a link to download a PDF or app as a way to lead them to malware sites. Attackers can send the same email to a different recipient with a slight change in the subject line or sender address to bypass anti-malware or phishing tools. According to a global survey conducted by security researchers, 42% of all phishing attempts in 2020 were due to polymorphism.
Why polymorphic phishing works
Polymorphic phishing is an advanced form of phishing that tricks signature-based email software by making slight changes to email components, such as modifying the sender name, sender address, subject line, email body, or signature. This form of phishing is highly effective and easy for cybercriminals to deploy. It is difficult to catch as these phishing attacks trick signature-based email security tools, allowing various versions of the same attack to go undetected. As polymorphic phishing slightly changes the message, malicious emails can bypass controls that might have stopped previous versions of the phishing attack.
SEE RELATED: Phishing Attacks Wreak Havoc on Healthcare Providers
How attacks are carried out
Polymorphic phishing attacks start small and target a small number of employees. Once one employee falls for the phishing attack, the cybercriminals have access to an organization’s network. The hackers use this access to send a polymorphic attack to other users in the same network. The malicious email comes with a link or attachment that will redirect an employee to a spoofed login page. Employees who are not informed can fall for these phishing attacks by providing their company login credentials on the spoofed page. By the time a polymorphic phishing attack is underway, the compromised accounts cannot be blacklisted as they come from within the organization. As more accounts are compromised, it becomes more difficult to contain this type of attack.
How polymorphic phishing can be prevented
One reason polymorphic phishing is successful is due to a common display name spoofing technique that changes the sender name to appear that it comes from a trusted source, like a person of authority within a company or a colleague. Healthcare organizations can combat these attacks with Paubox Email Suite Plus, which includes ExecProtect, our patented solution that fights display name spoofing emails by keeping them from reaching the inbox in the first place. Paubox Email Suite Plus also allows healthcare providers to send HIPAA compliant email by default directly to a patient’s inbox by seamlessly integrating with your current email provider, such as Google Workspace or Microsoft 365 .
SEE RELATED: 7 Common HIPAA Violations You Need to Avoid
The importance of strong email security
The only way to ensure protection from a data breach and subsequent HIPAA violation is to have solid cybersecurity protection that includes email security. Paubox Email Suite Plus ensures that your messages and patient information are protected from breaches. We include a business associate agreement (BAA) with all of our plans. Our HITRUST CSF certified software offers customers and their patients assurance that their information is protected.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.