That’s right, the 1800s’ most popular form of telecommunication is making a comeback, and it wants your security information.
How it works
Phishing relies on tricking readers into opening up a seemingly legit email, clicking a link, and entering their personal details to be harvested. The problem is email readers everywhere are increasingly savvy to the scam, if the email even makes it through the spam filter at all. One particularly targeted phishing campaign is rising to the challenge, according to a new report out from info-sec publication BleepingComputer. The attack starts with an emailed HTML attachment that looks like an Excel invoice for the company it’s addressed to. This attachment uses JavaScript to map letters and numbers to Morse code, the communication system that uses a series of dots and dashes to represent each letter in the alphabet. Once a password is entered, the phishing attack has been successful. While the level of sophistication at work here is debatable, there’s no arguing that it’s a novel approach. The email is modified so that the attachment file matches the company name, and it uses the logo.clearbit.com service to insert the correct company logo into the fake login form. If there’s no logo, the generic Office 365 logo is used instead. But while Morse code is unlikely to take off, plenty of other phishers are actually posing a danger to individuals as well as businesses. And it’s an arms race when it comes to online security, with email clients shoring up their spam filters on one hand while phishers come up with new phrases or code substitutions to slip past those filters on the other hand. Ultimately, there’s no one perfect solution, though the right tips can help: Look at the URLs in the emails, check email addresses carefully, and employ two-factor authentication to ensure that even if your password leaks, the phishers won’t be able to use it. Finally, grabbing a good password manager for a few dollars a month can go far towards protecting you.
