I remember as a child I would go with my brothers to find fishing worms. We knew the pickerel liked worms, and we always had luck catching them in our favorite fishing hole behind our house on the river. My dad, on the other hand, would take those small colored marshmallows along when he went fishing for lake trout. Apparently, lake trout also like those little colored marshmallows! My dad had great luck using marshmallows as bait (I bet satisfying his own sweet tooth as well). The key to catching fish is to know what they like and let them take the bait.
In the cyber security world, phishing for information is very similar to fishing. Phishing uses something a person will bite on (e.g., a link to click on or a page to log into) to get them to give up useful information, like credentials, to the people doing the phishing. Cyber criminals know where their prey is, know what they are likely to bite on and have a mechanism to collect that information.
Cyber criminals have the sophistication and intelligence gathering operations to be highly effective at obtaining highly sensitive credentials and accessing financial transactions.
Phishing today can be difficult for people to identify, especially when the victims are targeted well. I was nearly fooled when I was quickly skimming over messages and I saw an email from an industry colleague that had a link to news about the latest cyber threat. I clicked on it only to see my security tools pop up and block that action! BUSTED! What saved me was having the latest security tools (intelligence driven tools backed by deep learning and analysis). Tools like this are essential to protect us in today’s crazy world.
Cyber criminals are very sophisticated, and they have intelligence gathered on their audience and know what they will bite on. I saw a good example on Facebook in September where a message came in my messenger with a link to a video where the caption was “Is this you?”. Then when you clicked on the link you needed to “log into Facebook” (on a mimicked Facebook site designed to steal your credentials) to access the video. Many people ended up handing over their Facebook user name and password. Very effective on a social media platform where people are anxious to see what their friends are sharing of them. (You need Multi-factor authentication – more on that in a future post).
We need to recognize phishing as a serious threat. Do you have the training material to educate yourself and staff to identify phishing emails/sites and take appropriate actions? Is this overwhelming and frustrating? Feel free to reach out to me and my team. We would be happy to have a conversation with you about phishing. We can demonstrate training and testing platforms which you can use to protect your organization.
Stay Safe and Secure.
Jeff S Brodie
Managing Partner – Codefusion Communications Inc.