This happens more often then not. Have you ever received an email saying that your account has been attacked? Then they ask you for your username and password to verify your account. More and more of these emails appear in our email boxes. Making us more paranoid then the day before the email. We look over our shoulder and jump at shadows on the wall. We are going to explore this simple but sinister attack.
When you think about Fishing what are you doing? Well you are presenting bait to a fish and hoping that they will see it as food. Then when they try to get the food you hook them. Well in a phishing attack the hacker is doing the same thing. But, they are looking at making you feel uncomfortable. Making you take action now. The present you with a fake company email with a link to click to enter your user information. This happens a lot for companies that store your banking information or credit card information. Most of these messages cause urgency to the receiver. So, they don’t read the message thoroughly thru. They just see that the message is from their bank or financial institution. They feel that the message is legit so they click the link. Wham !!! You are hooked. The website is a splitting image of the banking website. So the next step is to put your information in to gain access to your accounts. At this point you have taken the bait. Now the website that you are directed to may come up or display that the website is not found. What is lurking in the shadows is what causes the damage.
Beware of the bait the food is not delicious and can include:
1. Viruses – by clicking the link you may have released a nasty worm know as a virus. Viruses are also known as “Malware”. These nasty little programs infect your system by reproducing. They can destroy data, send SPAM from your account, and so many other bad things
2. Trojan Horses – These are also known as backdoors. If you remember the story of the fall of Troy. The attackers sent a gift to Troy and in the gift were a legion of soldiers. So, a Trojan Horse is disguised someone useful but has a payload that is released giving the attacker access to your information.
3. Root Kit – Root kit is a virus that gives the hacker administrative access to a computer without being detected. This invasion gives the hacker with full access to the computer. This can be used to stealing or falsifying documents, the ability and also concealing password hacking , keyloggers and more.
4. Spyware – Spyware is used to capture information from the unsuspected user which could be passwords, usernames, bank account information and sensitive information. Spyware can be used as adware, where the software delivering popup ads including tracking information.
Spear Phishing is another type of phishing that is directed at a specific individuals. Spear phishing or Whale phishing is directed at senior executives. This is usually used for financial gain. Spear phishing often masquerades as a legitimate email prompting the user to respond with sensitive information or click links that install malicious software that infects the computer with some type of payload.
Again, they all show up as a legitimate email but is just bait to encourage you to click the link.
In above graphic, you should see that they email is supposed to be from Microsoft. This looks legit. But if you look at the from email address this will be the give away. The email address is spelled incorrectly. So, some the ways to mitigate against phishing is :
- Look at the email address – if the email address is spelled correctly. If it is not spelled correctly do not pass go.
- Know that you are being phished – if the email address is coming from a company, then verify the email. Slow down and look at website and the email address.
- Implement perimeter blocks for known threat indicators
- Remove malicious emails from targeted users mailboxes on email indicators
- Identify recipients and possible infected systems
- Educate your users
Hopefully this article has opened your eyes to this growing attack. If you want to see more then download our free report on the Top 10 Security Attacks.