Posts Tagged Spear Phishing

Common Phishing Attacks And How To Protect Against Them

Phishing attacks are launched to steal sensitive user data such as passwords and important login credentials. The attacker generally masquerades as a legitimate sender and sends an email, message or link infected with malware. It is a type of social engineering attack that can have devastating results. There are numerous types of phishing attacks; here we have listed a few:

Deceptive Phishing
It refers to an attack in which a hacker deceives the user by impersonating a legitimate website in order to steal the person’s personal information. An email with malicious content, often posing as a threat or urgent message, is sent to pressure the user into clicking it. For example, the attacker may send the user an email posing as a message from their bank regarding some discrepancy in the account. The user, often in haste, clicks on the link and is directed to an illegitimate site that steals their passwords and login credentials.

Spear Phishing
The hacker personalizes the attack. Emails are specifically addressed and mention the target’s name, position, company name etc. to win the user’s trust. This is done to dupe the user into clicking on the malicious link. Once the user parts with their confidential information, their login credentials and sensitive data are stolen.

In a whaling attack, the executives at the highest level are targeted. Generally, employees at the top level do not undergo a security awareness training program, which is why they are prone to cyber-whaling. The attacker approaches the executives using specially designed emails or social engineering attacks. Then the attacker launches a BEC (Business Email Compromise) scam, using the executive’s email to initiate a fraudulent wire transfer to a financial institution.

Another type of attack resorts to domain name system (DNS) cache poisoning. DNS converts the alphabetical website name into a numerical IP address, which is used to locate computer devices. By poisoning the cache, the attacker directs the user to a malicious website even if the user entered the correct website name.

Mimic Phishing
An authentic website such as Google Docs, Dropbox etc. is mimicked to lure users into signing in. This way their passwords and login credentials are stolen.

How To Protect Yourself Against Such Attacks –

  • Carefully check the URL of the website before clicking on it.
  • Organizations must conduct employee training programs in which every employee should participate.
  • Companies must invest in software that can analyze inbound emails in order to check for malicious links and email attachments.
  • Financial transactions should not be authorized through emails.
  • Only enter websites whose addresses begin with https, as such sites are much more secure.
  • Install a high-quality anti-virus and update your system on a regular basis.
  • For more information on IT Security, call Centex Technologies at (254) 213-4740.


What Is Spear Phishing?

June 9, 2016

Spear phishing is a form of cyber-attack targeted towards an individual or organization to obtain confidential information. It is a social engineering technique that involves sending a spoofed email, which appears or claims to be from a legitimate source, asking the user to visit a website or click on a link. Though often intended to steal data that can be further used to initiate an attack, cyber criminals may also use spear phishing to install malware on the victim’s computer system.

Key Characteristics Of A Spear Phishing Attack

  • Multi-Course Threat: Spear phishing uses a combination of spam emails, zero-day application vulnerabilities, spoofed website URLs and add-on downloads to circumvent detection by security software.
  • Leverages Unknown Software Vulnerabilities: In a spear phishing attack, the hackers tend to exploit the unknown security loopholes in the users’ browsers, applications and plug-ins.
  • Lacks Spam Characteristics: The cybercriminals usually send personalized emails to the target users, hence making them different from the prevalent high-volume security attacks. Therefore, the anti-virus and anti-spyware programs are less likely to perceive these emails as a threat.

How Does Spear Phishing Work?

In order to launch a spear phishing attack, the hacker first needs to gain some insight into the target user so that a personalized email can be crafted. The information is often gathered from the user’s social media profiles and posts. After this, they send a well-crafted email to the user, often claiming to be from a bank or other authorized entity, prompting the user to take an action. This may involve:

  • Clicking on a link that redirects to a fake website asking the user to enter their user ID, password, bank account number, social security number etc.
  • Downloading attachments, usually PDFs, Office documents, zip folders or executable files, which install malware on the users’ computer.

The content shared in a spear phishing email is highly customized to convince the users of the authenticity of its sender and increase the likelihood of exploitation.

Tips To Protect Against Spear Phishing Scams

  • Make sure you do not provide any personal information in an email. Most companies/ financial institutions do not ask for such details in an email.
  • Never click on links embedded in an email. Instead, type the URL manually in your browser’s address bar.
  • Keep your security software, browsers and applications updated to the latest version. An obsolete program is more likely to be targeted by the cybercriminals.

Centex Technologies provides complete IT support to the businesses in Central Texas. For more information, feel free to call us at (855) 375 – 9654.

