What does Ronald Regan have to do with security breaches?
Ronald Regan Phishing Attack
The answer appears to be an issue in Gmail. It is a failure of their servers to catch an external email that appears to be spoofing as an email sent from the companies email account. We have seen similar attacks in the past like company executives requesting financial information and employees responding. The unusual thing about the Regan attack is that it getting past a server check that identifies the validity of email and normally turns on an indicator that the email is ok.
The interesting thing about this in the article linked below is that this problem appears to be even worse for O365 mail users.
So why is it the Regan attack because it has links that send readers to a website in the name of the former president. For more details of how the attack works see the article from AVAN cloud security written by Yoav Nathaniel.
The “Ronald Reagan” Attack Allows Hackers to Bypass Gmail’s Anti-phishing Security
We started tracking a new method hackers use to bypass Gmail’s SPF check for spear-phishing. The hackers send from an external server, the user sees an internal user (For example, your CEO) and Gmail’s SPF-check, designed to indicate the validity of the sender, shows “SPF-OK”. Why are we calling this “The Ronald Reagan Attack”? Several of these attacks originated from reagan.com, a website that offers a private email with the domain name of Ronald Reagan, the 40th president of the United States, …
Source: The “Ronald Reagan” Attack Allows Hackers to Bypass Gmail’s Anti-phishing Security
A security story brought to you by the tech guys at E2 Computers in Tarpon Springs, and on the web @www.end2endsupport.com
