I remember as a child I would go with my brothers to find fishing worms. We knew the pickerel liked worms, and we always had luck catching them in our favourite fishing hole behind our house on the river. My dad, on the other hand, would take those small coloured marshmallows along when he went fishing for lake trout. Apparently, lake trout also like those little coloured marshmallows! My dad had great luck using marshmallows as bait (I bet satisfying his own sweet tooth as well). The key to catching fish is to know what they like and let them take the bait.
In the cyber security world, phishing for information is very similar to fishing. Phishing means using something a person will bite on (e.g., click on, log into) so that they give up useful information, like credentials, to the criminals doing the phishing. Cybercriminals know where to find their prey, know what they are likely to bite on and have a mechanism to collect that information.
Cybercriminals have the sophistication and intelligence-gathering operations to be highly effective at obtaining highly sensitive credentials and gaining access to financial transactions.
Phishing today can be difficult for people to identify, especially when the victims are targeted well. I was nearly fooled when I was quickly skimming over messages and saw an email from an industry colleague that had a link to news about the latest cyber threat. I clicked on it, only to see my security tools pop up and block that action! BUSTED! What saved me was having the latest security tools (intelligence-driven tools backed by deep learning and analysis). Tools like this are essential to protect us in today’s crazy world.
Cybercriminals are very sophisticated, and they have intelligence gathered on their audience and know what they will bite on. I saw a good example on Facebook in September where a message came in my messenger with a link to a video where the caption was “Is this you?”. Then when you clicked on the link you needed to “log in to Facebook” (on a mimicked Facebook site designed to steal your credentials) to access the video. Many people ended up handing over their Facebook user name and password. Very effective on a social media platform where people are anxious to see what their friends are sharing with them. A well-executed ‘Social Engineered Attack’ based on human curiosity. (You need multi-factor authentication – more on that in a future post).
We need to recognize phishing as a serious threat to the security of our company assets. Do you have the training material to educate yourself and your staff to identify phishing emails and sites and take appropriate action? Is this overwhelming and frustrating? Feel free to reach out to me and my team. We would be happy to have a conversation with you about phishing. We can demonstrate training and testing platforms which you can use to protect your organization.
Stay Safe and Secure.
Jeff S Brodie
Managing Partner – Codefusion Communications Inc.