Phishing: You want to let this "phish" get away

When you think of phishing, what comes to mind?  Do you visualize a targeted cyber attack on unsuspecting victims?  

Growing up in Oklahoma, I used to “bait” the waters of my favorite fishing spots for weeks. A month or so later, my best friend and I would fish that lake and catch some of the biggest catfish in the county. In its simplest form, my baiting was a targeted attack which yielded high rewards. When the conditions are right, smart hunters manipulate prey to lower their guard and act carelessly. The art of influencing victims doesn’t require an Ivy League education, only the ability to feed on people’s emotions -- sympathy, fear, and greed.

Over the years, cybercriminals have become more effective at manipulating victims by “baiting” them. 

For example, using a major event to play on people’s sympathy has proven fruitful.  In 2010, the major earthquake in Haiti was exploited by hundreds of email scams.  Natural disasters are a favorite source for creating phishing emails that masquerade as legitimate charities.

Another tried-and-true technique is for cybercriminals to use fear to get individuals to divulge information they normally wouldn’t give out. Fabricating a time-sensitive message while posing as a bank or government agency has proven successful in disarming even the most vigilant cyber warrior.

When the stock market tanked in 2009, many investors bought stocks for pennies on the dollar. Cybercriminals played on this greed as new investors became anxious to join the stock market feeding frenzy. Phishing emails were crafted to solicit people to register with well-known online stock trading companies. People acted carelessly and sent personal and banking information to questionable email addresses manufactured by cybercriminals.

Most of us possess the knowledge and skills to identify spear phishing attempts. When you receive an email that looks “phishy,” ask yourself: am I being manipulated? Are you being asked to provide sensitive information? Violate your own security practices? Did you initiate contact with the sender? Or does something sound too good to be true? Phishing is an effective means of targeting people for information. Be an aware Cyber Patriot.

TIM WHITELOCK, Capt, USAF
Cyber Defense Analyst
EUCOM Network Warfare Center

Comments: 1

by Keiko F. from Japan on May 15, 2012 :

Capt. Tim Whitelock, I’m so glad that I found this article. Please keep up the good work, and hope to read more articles from you!
