We have all read the memos: “Beware of Phishing attacks, follow these tips to stay safe …”
- Look out for misspellings and bad grammar.
- Beware of generic, non-personalized titles.
- Do not open attachments from people you do not know.
While these are good tips for general email safekeeping, they are largely ineffective. Why? Because the most critical attacks won’t appear to be from a stranger. They won’t be non-personalized or contain misspellings. The most dangerous attacks are specifically targeted at an individual or individuals within a company.
These attacks are crafted after tons of research on the intended victim. The attackers are sneaky, highly personal, smart – and have very good English. And once they succeed, a single wire transfer or a personal social media account won’t be enough for them. They use Phishing to infiltrate the digital heartbeat of a company – leaving it open to malware, ransomware, and data theft. Phishing is the starting point for a staggering 91% of cyber attacks.
To set up these malicious emails, the hackers must find pertinent information to legitimize the attack.
Below are a few questions a hacker might ask, and where he or she would look for answers.
1. Who works together in the company?
Hackers want to “build trust” with their victims, so an email from a stranger often won’t cut it. However, an email appearing to be from a colleague’s personal email that was “sent from iPhone,” or from a company’s IT department, might be enough. Even better, a spoofed email that appears to come from a colleague’s company address is effective.
Found on: LinkedIn, Company Website
2. Which colleagues are located in separate parts of the country/world?
Because of the internet, people can collaborate while being many miles apart. This means a hacker can pose as their target’s colleague without the heist being blown by an in-person discussion. This can also prove effective because of differences in work hours and time zones.
Found on: LinkedIn, Company Website
3. What are the current company objectives?
Company objectives are important to identify so that a hacker can build a story around their attack. Like a salesperson, they will recognize the pains that individuals face, then customize and personalize the messaging to make the victim feel absolutely comfortable moving forward.
Found on: Press Releases, White Papers, Job Postings, Company Website
4. What is some relevant and recent industry news?
As with the company objectives, the hacker needs to have good knowledge of the industry they are targeting – especially when deploying a multilayer attack. Without deep authenticity, the attack can come across as an obvious red flag.
Found on: Blog Articles, Twitter, Facebook, Google Alerts
5. What type of software does the company use?
This is important for the hacker so they know what data can be compromised. Does your team use cloud computing applications like Salesforce, for example? Bad guys would love to have those credentials. Even without a cloud-based service in the picture, obtaining certain login credentials can help create a point of entry for a greater intrusion.
Found on: Job Postings, Company Website
To stay safe, remain mindful of what information is out on the web. Check emails and URLs thoroughly, and always report anything that seems “phishy.”
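One way to automate part of “check emails thoroughly” for the two sender pretexts described under question 1, as an added example that is not from the original article. The company domain, gateway name, staff directory and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed for this example, not from the article):
COMPANY_DOMAIN = "example.com"                     # the organisation's mail domain
TRUSTED_AUTHSERV = "mx.example.com"                # our own inbound gateway
STAFF = {"dana reyes": "dana.reyes@example.com"}   # display name -> real address

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # A colleague's name on an address that is not theirs ("personal email").
    known = STAFF.get(name.strip().lower())
    if known and addr != known:
        findings.append("colleague-name-unknown-address")
    # Company address in From, but our gateway recorded an authentication
    # failure. Only results stamped by our own server count; a sender can
    # add an Authentication-Results header of their own.
    results = [h.lower() for h in msg.get_all("Authentication-Results", [])
               if h.strip().lower().startswith(TRUSTED_AUTHSERV + ";")]
    failed = any(f"{m}=fail" in r for r in results for m in ("spf", "dkim", "dmarc"))
    if domain == COMPANY_DOMAIN and failed:
        findings.append("company-from-failed-auth")
    # Replies would go to a different domain than the visible sender.
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply and reply.rpartition("@")[2] != domain:
        findings.append("reply-to-domain-mismatch")
    return findings

def build(headers, body="Can you look at this today?\n\nSent from iPhone"):
    return "\n".join(f"{k}: {v}" for k, v in headers) + "\n\n" + body

PASS = "mx.example.com; spf=pass; dkim=pass; dmarc=pass"
PERSONAL = build([("From", "Dana Reyes <d.reyes77@example.org>"),
                  ("Authentication-Results", PASS)])
SPOOFED = build([("From", "Dana Reyes <dana.reyes@example.com>"),
                 ("Reply-To", "dana.reyes@example.net"),
                 ("Authentication-Results", "sender.invalid; dmarc=pass"),
                 ("Authentication-Results", "mx.example.com; spf=fail; dkim=none; dmarc=fail")])
GENUINE = build([("From", "Dana Reyes <dana.reyes@example.com>"),
                 ("Authentication-Results", PASS)])

if __name__ == "__main__":
    for label, raw in (("personal", PERSONAL), ("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_message(raw))
```

The display-name check catches a message that passes SPF, DKIM and DMARC for its own outside domain, which is why authentication results alone do not cover the “personal email” pretext.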
Understanding how a hacker performs his tricks helps keep the would-be victim from falling for them. At Core Orange, our training strategy teaches people the tricks the bad guys use so they have a full understanding of how to prevent them.