Cyber in every fiber – Lets go Phishing
Welcome back to our Cyber Blog.
As Phishing in the most popular way to get into a business let’s talk about that today.
For those that do not know about Phishing here is the brief explanation, The most common type of phishing is a simple email claiming to be from someone that plausibly needs information from you in order to accomplish something that is of benefit to you.
Mostly there are claims of funds that need to be transferred to your bank account, fines that need to be paid to keep you out of jail, requests for tax and financial documents or just about anything else that would result in you sending the attacker whatever they are asking for.
So now let’s just go into the different types of Phishing and what these attacks look like.
Spear Phishing
Spear Phishing is a targeted form of phishing. In a spear phishing attack the attacker has some information about you before they send you anything. They monitor your social media presence to see if you post anything about recent purchases. They keep an eye out for any mention of online retailers you’ve shopped at, products purchased online or even dating sites.
If you tweet that you just bought the newest iWatch from Apple, they have bait for their trap. Because they are already watching your social media presence, they know a bit about you.
They can then use their knowledge of you to craft an email claiming to be from Apple. This email may claim that there was a problem with your credit card for your recent purchase and that you need to fill out their online form to verify your card information.
Whaling, or CEO Phishing
Since the whole point to phishing is to gain unauthorized access to information, why not phish those who hold the keys to the most information. Attackers who target high level executives in corporations do so to gain access to the email account of someone in authority. With full access to that account they can gain access to any employee’s information, initiate fraudulent transactions or just about anything in any department of the company.
Phishing to deliver ransomware
As mention in previous blogs Ransomware increased from about the year 2016 and it is estimated that ninety percent of phishing emails carried some form of ransomware. While the goal of phishing is to gain access to information, the attackers are starting to bundle a ransomware package to up their income from these attacks.
The attackers believed that anyone who is gullible enough to fall victim to phishing is also likely to pay the ransom when their files and photos have been locked up. Unfortunately, they were correct.
In our next blog find out how to stop/Prevent Phishing