TLDR ↓The Bait: The attacker will cast a bait, a request that seems trustworthy. The Bite: The victim responds to that request, disclosing important information. The Yield: The attacker will abuse the information acquired in several ways.
> What Is Phishing
Phishing in the digital world is similar to fishing in the general public’s understanding, and it is very simple: The Phisher casts a bait, and waits to see who will bite. And just like fishing can cost a fish its life, Phishing can very well cost you your lifelong earnings or reputation or sometimes even more.
Spear Phishing is basically the same as phishing, except the target is different. While phishing is something targeted at an entire population, much like casting a net and waiting to see what fish is going to get tangled, spear Phishing is targeting one specific individual.
If a specific person in accounting receives an email that appears to be from their supervisor, that mentions them by name, that is probably spear Phishing.
“Whaling” is another term you may come across, and it is about the same crime, but targeting the highest-ranking officials and CEOs.
> How Is It Conducted
Just like any other crime, there are countless ways to conduct Phishing. But the most common attack vector is email. One that essentially tries to make you trust it, and instructs you to take some action that the attacker is waiting for. You might, for example, receive an email that says “This is your bank, your account has been locked for the suspicion of fraudulent activity; please log in to confirm your identity and approve or revoke the transactions that were made in your name”.
At first sight, one could just click the link provided and land on a page identical in design to that of the bank; one that asks for a username and a password. If you submit your credentials to that page they will be sent not to the bank, but to the person who set up that scam and they will then have complete access to your bank account as if they were you.
> What Could Happen
The Phishers could shop Amazon with your money, naturally, but they can also do more sinister things. They may request a new bank card with your name on it, but have it delivered to a mailbox they have access to, and use it at the time and place of a crime, placing you on scene and leaving you with the burden of proving your innocence and dealing with all the legal, financial and psychological strain that comes with such an experience.
The attacker, and depending on their purpose behind the attack, may just impersonate you to conduct crime or sell your information on the dark web to whoever may want to pay for it. A victim can lose much more than money if they fall to a scheme of this kind.
More recently, Phishing is being a successful attack vector to deliver ransomware, malicious codes that will encrypt all information on a computer and demand ransom in exchange of a “key” to reverse the encryption. Imagine a city that loses the information of their taxpayers or a hospital where doctors cannot access the medical history and information of the patients laying on their operating tables!
> Why So Dangerous
The high danger of such schemes is that the untrained eye could never tell the difference between a true warning email from the bank and a Phishing email. If you decide not to trust the emails you could miss something important and if you trust the email you may be jeopardizing too much.
Read my posts about Phishing, I have further advice on how to understand and protect yourself from this rather new attack method and please feel free to reach out and discuss all your questions!
Parents and Teens, Presented by Teenfosec.com
Mar 7, 2020 at 10am
North Royalton Library
We will talk about the dangers that our children face especially when they are given their first mobile phone. How to manage their new connected life and how they can protect themselves.
May 15th 2020 - Jul 15th 2020
This is an oportunity for those graduating high school soon to get a feel of the industry and see if Information Security will be something of interest for them.
Cool hacking will take place!
RESCHEDULED DE TO COVID19
DIY night - If You Can
May 10, 2020 at 6:30 pm
Panera, Parma OH.
We will present and demonstrate what each business owner can do to their compnay's infrastructure and how could they provide free training to their employees.
In this evening we will help you prepare a practical to-do list you can implement yourself for no cost at all.