Phishing attacks entered the scene when AOL still ruled the Internet. More than two decades later, cyber criminals continue to use targeted phishing techniques for one simple reason. They work. Specialized attacks, known as spear phishing, use personal details to trick victims into clicking malicious links or sending sensitive information.
For example, last year, hackers compromised the email system for an Ohio parish. After spying on email conversations, they posed as a construction company hired to complete parish renovations. Soon, the parish received an email, supposedly from the contractor, listing new instructions for payment transfer. In response, they paid nearly $2 million to a fake account.
Similar attacks have cost businesses and individuals millions of dollars. Even Google, Amazon and Facebook have fallen victim. And, while the attacks often involve requests for money, cyber criminals also use spear phishing to deploy malware and steal trade secrets or login credentials.
As in any war, understanding how your opponent operates will prepare you to mount an effective defense. In spear phishing, hackers first identify a target. Unlike basic phishing, which casts a wide net, spear phishing focuses on a specific person or group.
This personalization requires more effort, but it gives criminals a high degree of success.
Once the attackers have chosen a target, they study their prey by combing through social media and other online information. With minimal effort, attackers can learn a surprising amount. For example, they can discover where you live and work, who your friends are, the details of your latest vacation and even your recent purchases.
Armed with personal details, hackers customize an email, text or phone message. Typically, they pose as a trusted source, such as a legitimate business or a coworker. The content of the message includes specific details and most likely conveys a sense of urgency.
Finally, the attacker disguises the message so that it appears to come from a known sender. Unfortunately, cyber criminals have become quite proficient at spoofing emails or cell numbers. They may send from an email address nearly identical to a legitimate address, or they may actually take over a real account.
Cyber criminals will keep phishing, and they will use increasingly sophisticated tools to do so. But you can protect yourself from falling victim to most scams by following some common-sense tips.
Because spear phishing uses customization so effectively, it can prove difficult to spot. Strengthen your defenses with a comprehensive security strategy. eMazzanti provides a full suite of cyber security solutions designed to address threats on multiple levels. Protect your business with world-class firewalls, network security, 24/7 monitoring and more.
In today’s fast-paced digital landscape, businesses cannot thrive without effective collaboration. Microsoft continues its unwavering…
An email signature accomplishes much more than simply telling readers who you are and how…
Cyber security professionals work hard to safeguard companies’ information. But with criminals constantly changing their…
Domain-Based Message Authentication, Reporting, and Conformance (DMARC) is an e-mail security protocol designed to validate…
My job is to manage my law office’s cloud servers here at Justice Freaks. As…
My worst nightmare would be to date someone who isn’t who they say they are.…