Imagine that you’re heading into work with a serious case of the Mondays. Sleepy, irritable, and, seeing as it’s the middle of August, unbelievably busy. You sit down, log into your computer with a cup of coffee, and begin sifting through hundreds of emails from over the weekend. Most of them junk, but then one catches your eye... “URGENT! ACTION REQUIRED NOW!”. With your mind in a different world, thinking of a million and a half different things at once, you read something about your account information needing to be verified by Microsoft and to click this extremely important looking button “ASAP!”.
Now, if you’ve made it this far, and you’ve clicked the button, a couple things could happen:
- A landing page opens on the other end of that button, prompting you for your account information on a seemingly legitimate webpage. You’d enter your credentials and then… nothing. (Well, technically, you’ve just sent your credentials to a hacker’s command and control server, but on your end it certainly looks like nothing.)
- The button links to a website that is hosting all kinds of nasty software that is promptly downloaded, installed, and run on your machine, causing all sorts of other problems.
Or both. Threat actors love grouping up their malicious activities.
In either case, you’ve just become a victim of one of the most prevalent and dangerous attacks in a hacker’s arsenal: Phishing. Don’t feel bad, though. It happens to all of us at some point. Phishing attacks are specifically designed to catch people unaware, when they’re busy, or trick them into acting with urgency that may dull their judgement. If a malicious actor isn’t simply throwing out the widest net that they can, then they may even go as far as to research roles of personnel at the company, their busiest season, and other specific details that may make their attacks more believable.
There is another type of phishing, known as Spear Phishing, which is the exact opposite of the “cast a wide net” approach, where they only send a handful of intensely focused attacks at specific targets. Usually, the research of their targets is vital to the success of the attack. They make up for the work it takes to go after specific users by ensuring that their victims will be of the highest value possible. There’s a lot of information pertaining to this specific topic, and if you’re interested in reading some tips from security experts, see the full article from Symantec HERE.
You must be logged in to post a comment.