Sharks and phishers are circling, looking to snag a bite

The most popular Massachusetts summer beach vacation destination, Cape Cod, has seen an unusual spike in shark sightings this summer. Marine biologists aren’t saying that means there are more sharks than usual, but that they are swimming closer to shore. Thanks to the increasing number of drones and cellphone videos, it seems like Cape Cod is experiencing a Shark Summer. And it’s having an impact on summer activities, as many beaches are closed and swimmers are warned to stay close to the shore. No one wants to slip up and take the risk of inviting the next shark attack, particularly after a fatal attack last summer.

This summer, the shark threat isn’t just in the water. The kind of shark threats I’m referring to are the cybercriminals and hackers who have successfully lured in high-profile victims for a phishing attack. Here are some of the major attacks we’ve seen this summer:

  • Amazon Prime Day shoppers may have been lured in by hackers using a phishing kit that lets anyone design emails mimicking legitimate tech businesses. It’s pretty low-level phishing, as far as attacks go – more like a day of catching minnows rather than deep-sea trophies – but very effective for those looking to grab the best deals.
  • Attackers got a little more creative in a scam against American Express. Just as a fly fisherman uses inventive lures to attract trout, these phishers used an HTML base element that tricked spam filters into believing the link was a legitimate URL, so the email was filtered into inboxes. The message then relayed a sense of urgency: users needed to take action by clicking this legitimate-looking link or otherwise have their accounts suspended.
  • GDPR reeled in its biggest catch in terms of fines (so far) when “weak security allowed user traffic to be diverted from the British Airways website to a fraudulent page,” according to CNN. This allowed hackers to harvest all types of sensitive passenger data, and now BA faces up to $230 million in fines, a GDPR record.
  • In Bulgaria, a hacker gained access to a government database and compromised the records of 5 million out of the country’s 7 million residents. A single shark attack can impact an entire beach and its surrounding neighborhood. In this case, a single hacker can impact an entire country.
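The base-element trick in the American Express item above works because a scanner that reads only the literal href values never sees the foreign host; a mail client, however, joins every relative link onto the base href before navigating. The following is an added example, not code from the original article: it resolves links the way the client would and flags any that land off the expected brand domain. The HTML body is constructed, with example.net standing in for the attacker-controlled host.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Constructed sample body (not a real message): the visible link is relative,
# so a filter reading only href= values sees no foreign domain, while <base>
# quietly re-roots it onto another host. example.net stands in for that host.
SAMPLE_EMAIL_HTML = """
<html><head><base href="https://account-verify.example.net/amex/"></head>
<body><p>Unusual activity was detected. Confirm your details within 24 hours
or your account will be suspended.</p>
<a href="login/verify.html">Review your account</a>
<a href="https://www.americanexpress.com/help">Help center</a>
</body></html>
"""

class BaseAwareLinkExtractor(HTMLParser):
    """Collect <base href> and every <a href> from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.base = None
        self.raw_hrefs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = attrs["href"]
        elif tag == "a" and attrs.get("href"):
            self.raw_hrefs.append(attrs["href"])

def resolve_links(html):
    """Return (base, [(raw_href, effective_url), ...]), joining relative hrefs
    onto <base> exactly as a mail client would before navigating."""
    p = BaseAwareLinkExtractor()
    p.feed(html)
    return p.base, [(h, urljoin(p.base or "", h)) for h in p.raw_hrefs]

def flag_base_redirection(html, expected_domain):
    """Report links whose effective host is not the expected brand domain and
    say whether the mismatch only appears once <base> is applied."""
    base, resolved = resolve_links(html)
    findings = []
    for raw, effective in resolved:
        host = urlparse(effective).hostname or ""
        if host == expected_domain or host.endswith("." + expected_domain):
            continue  # lands on the brand's own domain
        if urlparse(raw).scheme:
            reason = "off-brand-absolute"
        else:
            reason = "base-rerooted" if base else "relative-without-base"
        findings.append({"href": raw, "resolves_to": effective, "reason": reason})
    return findings
```

The same check can be run over any HTML part of an inbound message; a `base-rerooted` finding is the signature of this particular lure, while `off-brand-absolute` covers the ordinary case of a plainly foreign link.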

No one is immune

No organization is immune from the threat of a phishing attack and its aftermath. We talk a lot about how cybercriminals are becoming more sophisticated in their attempts to stay one step ahead of security systems, but only the American Express hack above could be considered sophisticated, or at least sneakier than usual.

Instead, phishing attacks target the weakest link in security – humans. Hackers smell the blood and go after it, knowing that someone is going to make a mistake and turn into prey. That’s why CISOs and the security team need to rethink their approach to phishing attacks. There is a tendency to trust our email messages, especially if they appear to be from a known person or a familiar company. Instead, we have to mistrust everything and be hypervigilant when wading into the murky waters of our inboxes. That means encouraging staff to take the extra minute or two to contact the presumed sender directly and ask if the email is legitimate, or to manually type in the company’s URL rather than click a link.

Reeling in the phish

Decreasing phishing attacks is a two-part process: one part training and one part alerting.

Most employees struggle to tell the difference between a legitimate email and a phishing attack. Even those with a solid security background will struggle at times to tell the difference. Even though many companies now provide mandatory training, it often assumes that everyone is at the same level of knowledge, and even then, training is often just listening to a webinar or taking a quick quiz and that’s the end of it. Many employees don’t absorb or retain the training and go back to their normal risky email and link-clicking behaviors.

Copyright © 2019 IDG Communications, Inc.
