The SANS Institute has a new poster that aims to educate people on phishing and spear phishing emails. Here is a recap of the key points, great resources and of course the poster.
First of all, let’s clear up what phishing is for those of you who aren’t sure. Phishing is a psychological attack used by cyber criminals to trick you into giving up personal information or taking an action. Phishing has developed over time. The term initially described email attacks that would steal your username and password. Phishing now refers to any message-based attack, whether that is by email, IM, or on a social media network.
How it Works
A cyber attacker will send you a message that appears to be from a reliable source, causing you to open it. There will then be some sort of call to action, whether it is a link, an infected attachment, or a request to reply to the SPAM. Once you take the bait, they will be able to access your information, putting you at high risk.
Phishing vs. Spear Phishing
In traditional phishing, cyber criminals send out messages to millions of users, trying to infect as many of them as possible. Spear phishing, however, is very targeted. Attackers will do extensive research on all of your profiles and accounts, as well as anything you have posted on a public forum or blog. They will then send you a customized message designed to lure that specific target.
Signs to Look Out For
Check the email address: if the email appears to be from a legitimate organization but the address is a personal account (Gmail, MSN, Hotmail, Yahoo), it is probably an attack. It is also important to be cognizant of the “TO” and “CC” fields to ensure that there are no suspicious third parties.
Is it personalized? If a secure organization is attempting to contact you they should already have your name and information. Be wary of generic greetings.
Improper spelling and grammar can be giveaways as well.
Be suspicious of an overwhelming sense of urgency that pushes you to share personal information.
Links! Only click on those that you are expecting. Also, hover your mouse over the link before you proceed to make sure that it is taking you where it claims to.
Same goes for attachments; don’t open anything you aren’t expecting.
Is it too good to be true? Probably.
Suspicious emails from trusted sources can happen. If your friend or colleague sends you a strange message, their account may have been compromised. If you are questioning it, give them a call first to confirm that it is legitimate.
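Several of the signs above (an organization writing from a personal webmail address, unexpected third parties in the TO/CC fields, a generic greeting, pressure language, and a link whose visible text points somewhere other than its real target) can be checked mechanically. The script below is an added example, not part of the SANS poster or the original post; it runs the checks over two constructed sample messages (a phishing-style one and a benign one) and returns a list of indicator codes. The webmail list, the keyword lists and the `analyze` function are all assumptions made for the example.

```python
"""Heuristic phishing-indicator check over a raw email message (added example)."""
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for the example: consumer webmail domains, organization-style words,
# pressure language and generic greetings.
WEBMAIL = {"gmail.com", "hotmail.com", "msn.com", "yahoo.com", "outlook.com"}
ORG_WORDS = {"support", "bank", "security", "team", "helpdesk", "payroll", "admin", "it"}
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|suspended|verify now|act now)\b", re.I)
GENERIC = re.compile(r"\bdear\s+(customer|user|member|client|valued|sir|madam)\b", re.I)

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """From: "Example Bank Support" <examplebank.support@gmail.com>
To: customer@example.net
Cc: unknown.party@example.org
Subject: URGENT: verify your account now
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your acount will be suspended within 24 hours unless you verify immediately.</p>
<p>Click <a href="http://login-verify.example-phish.test/confirm">https://www.examplebank.example</a> to proceed.</p>
</body></html>
"""

SAMPLE_CLEAN = """From: "Alice Smith" <alice@example.net>
To: customer@example.net
Subject: Lunch on Thursday

Hi Bob, are we still on for lunch on Thursday? Alice
"""


class _Links(HTMLParser):
    """Collect (href, visible text) pairs: what a link claims versus where it really goes."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL, tolerating text such as 'www.example.com' with no scheme."""
    url = url if "://" in url else "http://" + url
    return (urlparse(url).hostname or "").lower()


def analyze(raw, my_domain):
    """Return the sorted list of indicator codes found in the raw message."""
    msg = message_from_string(raw, policy=policy.default)
    found = set()

    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    # 1. Organization-looking display name, but the address is a personal webmail account.
    if sender_domain in WEBMAIL and ORG_WORDS & set(re.findall(r"\w+", display.lower())):
        found.add("sender_uses_webmail")

    # 2. TO/CC recipients that belong to neither my domain nor the sender's domain.
    recipients = getaddresses([str(msg.get("To", "")), str(msg.get("Cc", ""))])
    for _, rcpt in recipients:
        dom = rcpt.rpartition("@")[2].lower()
        if dom and dom not in (my_domain.lower(), sender_domain):
            found.add("unexpected_third_party")

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", content))

    # 3 and 4. Generic greeting and pressure language in the body.
    if GENERIC.search(text):
        found.add("generic_greeting")
    if URGENCY.search(text):
        found.add("urgent_language")

    # 5. Visible link text is a URL on one host while the href points at another
    #    (this is what hovering over the link would reveal).
    parser = _Links()
    parser.feed(content)
    for href, shown in parser.links:
        if re.match(r"(https?://|www\.)", shown, re.I) and _host(href) != _host(shown):
            found.add("link_target_mismatch")

    return sorted(found)


if __name__ == "__main__":
    print("phish:", analyze(SAMPLE_PHISH, "example.net"))
    print("clean:", analyze(SAMPLE_CLEAN, "example.net"))
```

These checks are hints, not verdicts: a benign message can trip one of them and a well-crafted spear phishing email can avoid all of them, which is why the advice above to confirm with the sender out of band still applies.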
Some handy articles on security best practices: