Phishing has come a long way from the days of poorly written emails and obvious scams. Today, attackers are leveraging the trusted Rich Text Format (RTF) to create sophisticated phishing campaigns. RTF, a file format that has been around since the 1980s, is now being used to bypass modern security systems, making it a new frontier for phishing attacks.
These attacks are not just increasing in frequency but also in sophistication. In March 2024 alone, over 6,700 RTF phishing attacks were detected by a leading email security firm Ironscales, highlighting the urgent need for businesses to understand and mitigate this emerging threat.
RTF files have long been considered safe, often bypassing standard email security filters. This legacy status makes them an attractive vehicle for cybercriminals. Unlike newer file formats that are closely scrutinized, RTF files can slip through the cracks, carrying malicious content undetected.
Moreover, RTF files can be easily manipulated to include hidden malicious links and advanced HTML and CSS tricks, making them a phisher's best friend. This manipulation not only fools automated scanning systems but also lures unsuspecting employees into opening the files.
The anatomy of an RTF phishing attack is a masterclass in deception. It starts with an email that appears to be from a legitimate business contact, often containing a routine business document like an invoice. The attachment, an RTF file, is named using the targeted company's domain to build trust.
Once opened, the RTF file reveals its true nature. It contains hidden malicious links, cleverly disguised using URL manipulation techniques such as embedding malicious URLs within legitimate-looking domains. Advanced HTML and CSS tricks further hide the malicious content from security scanners, making detection extremely challenging.
Phishing attacks are as much about psychological manipulation as they are about technical trickery. RTF phishing campaigns exploit the urgency of business processes, particularly around financial documents. Employees are more likely to act quickly on what appears to be an urgent invoice, especially if it seems to come from within their own organization.
The attackers use professional business language and formatting, including legitimate-looking business details, to make the emails appear genuine. This psychological engineering leverages business urgency and trust in company-specific information to deceive even the most cautious employees.
To defend against this sophisticated threat, businesses need to adopt a multi-layered security approach. Start with educating your employees about the risks and signs of RTF phishing. Regular training sessions can help employees recognize suspicious emails and attachments.
Additionally, enhance your email security systems to scrutinize RTF files more closely. Implement advanced scanning techniques that can detect hidden malicious content within these files. Finally, consider employing robust financial transaction verification processes to ensure that all invoice-related communications are legitimate before any payments are made.
As always, Sentry is here as your guide through the muddy waters of what the best thing to do is for your specific business. Reach out today to start the conversation.