Blog Posts from November, 2011
Phishing: You want to let this "phish" get away
When you think of phishing, what comes to mind? Do you visualize a targeted cyber attack on unsuspecting victims?
Growing up in Oklahoma, I used to “bait” the waters of my favorite fishing spots for weeks. A month or so later, my best friend and I would fish that lake and caught some of the biggest catfish in the county. In its simplest form, my baiting was a targeted attack which yielded high rewards. When the conditions are right, smart hunters manipulate prey to lower their guard and act carelessly. The art of influencing victims doesn’t require an Ivy League education, only the ability to feed on people’s emotions -- sympathy, fear, and greed.
Over the years, cybercriminals have become more effective at manipulating victims by “baiting” them.
For example, using a major event to play on people’s sympathy has proven fruitful. In 2010, the major earthquake in Haiti was exploited by hundreds of email scams. Natural disasters are a favorite source for creating phishing emails that masquerade as legitimate charities.
Another tried and true technique is for the cybercriminals to use fear to get individuals to divulge information they normally wouldn’t give out. Fabricating a time sensitive message, and posing as a bank or government agency, has proven successful in disarming even the most vigilant cyber warrior.
When the stock market tanked in 2009, many investors bought stocks for pennies on the dollar. Cyber criminals played on this greed as new investors became anxious to join into the stock market feeding frenzy. Phishing emails were crafted to solicit people to register with well-known online stock trading companies. People acted carelessly and sent personal and banking information to questionable email addresses manufactured by cybercriminals.
Most of us possess the knowledge and skills of identifying spear phishing attempts. When you receive an email that looks “phishy,” Ask yourself — am I being manipulated? Are you being asked to provide sensitive information? Violate your own security practices? Did you initiate contact with the sender? Or does something sound too good to be true? Phishing is an effective means of targeting people for information. Be an aware Cyber Patriot.
TIM WHITELOCK, Capt, USAF
Cyber Defense Analyst
EUCOM Network Warfare Center
Find more blog posts tagged with:
School donation continues long-standing relationship with Poland
Just last week, I visited the Krakow School for the Blind and Visually Impaired, which was heavily damaged in the spring floods of 2010, to deliver furniture and pianos donated by the U.S. Government.
Find more blog posts tagged with:
Humanitarian Assistance for Latvian Fire and Rescue
Since fall 2008 US Embassy's Office of Defense Cooperation (ODC Latvia) and State Fire and Rescue Service of Latvia (SFRS) have identified and submitted 10 Civic Engagement (Humanitarian Assistance) projects for renovations of fire stations all over Latvia.
Find more blog posts tagged with:
“Black Gold, Texas Tea”
Cooperation on Energy Security issues is in Lithuania’s and the United State’s common interests. The MOU outlines ways in which both organizations, EUCOM and the Energy Security Center, can continue to work and coordinate together.
Find more blog posts tagged with:
Interacting with AID
At the invitation of my good friend and colleague, AID Administrator Raj Shah, I had the chance to speak to his senior team about their extraordinary work on global issues of poverty, disease, and economic development.
Find more blog posts tagged with:
Our German Hosts
Despite the above statements professing modesty and a reluctance to lead or assist, after meeting these two groups I was left with the decided impression that “leading” and “assisting” are exactly what our German hosts are doing these days, and doing well.
Comments: 1
Capt. Tim Whitelock, I’m so glad that I found this article. Please keep up the good work, and hope to read more articles from you!