Security Awareness Tips

Fishing Warfare?

Phishing is largely a criminal activity employing social engineering tactics to defraud Internet users of sensitive information and steal credentials, money and/or identities.

A phishing attack is generally characterized by a lure, hook, and catch:
The Lure: an enticement delivered through email. The email contains a message encouraging the recipient to follow an included hypertext link. The hyperlink often masks a spoofed uniform resource locator (URL) of a legitimate website.

The Hook: a malicious website designed to look and feel like a legitimate website. The authentic-looking website asks the victim to disclose personal information, such as user identification and password. Often the hook sits behind an obfuscated URL that closely resembles one the victim considers legitimate but actually leads to a site under the attacker’s control.

The Catch: the originator of the phishing message uses the information collected from the hook to masquerade as the victim and conduct illegal financial transactions.
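A defensive check for the Lure and Hook patterns described above, as an added example that is not part of the original page: it flags links whose visible text names a different host than the href, and href hosts that resemble a trusted domain. The allow-list, the `bank.example` names, the 0.85 similarity threshold and the sample message are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bank.example"}  # assumed allow-list (constructed domain)

def host_of(text):  # hostname named in an href or in link text, else None
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname or ""
    except ValueError:  # malformed input such as an unbalanced "["
        return None
    return host if re.fullmatch(r"[^\s./]+(\.[^\s./]+)+", host) else None

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit(html):  # returns (href_host, reason) for links leaving TRUSTED
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if not target or any(target == t or target.endswith("." + t) for t in TRUSTED):
            continue
        if shown and shown != target:  # the Lure: text names one host, href another
            findings.append((target, "text shows " + shown))
        base = ".".join(target.split(".")[-2:])  # naive: no public-suffix list
        if any(t in target or SequenceMatcher(None, base, t).ratio() >= 0.85 for t in TRUSTED):
            findings.append((target, "resembles a trusted domain"))  # the Hook
    return findings

SAMPLE = (  # constructed email body, not from a real message
    '<a href="http://bamk.example/login">https://www.bank.example/login</a> '
    '<a href="https://www.bank.example/help">help page</a> '
    '<a href="http://bank.example.verify.test/x">Sign in</a>'
)
```

Calling `audit(SAMPLE)` reports the first and third links and leaves the genuine help link alone.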

Spear Phishing is an email spoofing fraud attempt that targets a specific organization and users, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by organized perpetrators out for financial gain, trade secrets, or national security information.

As with the email messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source.

Whaling is a spear phishing attempt that targets Senior Executives/Leadership (i.e., the big fish).