Todays Techy Tip: CYBERCRIMINALS PHISHING Most of us have heard the term “phishing” from our security awareness training, Internet service providers, and other media outlets. It is one of the number one problems we all face and are often found in spam emails. It is a cyber criminal’s way of extracting personal information from you. Another term you may have heard is “spear phishing”. This is a targeted effort against a single person or group in order to obtain vital information. This video, youtube/watch?v=e40nOPt1Alk, will shed some light on this type of attack. PHARMING Pharming much like phishing, is broader in scope. It often happens when a DNS server is poisoned (infected with malware). A DNS server identifies a URL (web address) with an IP address. The infected server often sends a spoofed address and redirects the unsuspected user to a bogus site that looks identical to the actual site. It often prompts you to log in and provide sensitive information. This video on spoofing, youtube/watch?v=3VvLp2zJACg, illustrates this method criminals use to steal your information and quite often, your money. SMISHING Smishing much like Phishing, uses SMS (Short Message Service) or what we commonly know as “texting.” It follows the same principle and tries to steal your information. It can also download malware to your phone that can remotely access all the information on your phone. This includes its OS (Operating System) that can remotely operate the recording capabilities of your phone’s camera and microphone. A short Anderson Cooper interview (youtube/watch?v=riXkdEcd7pY) on CNN highlights this problem. VISHING Like the other aforementioned social engineering attack methods, vishing uses the traditional voice telephone. It can be through a voice mail directing you to an action like dialing a number to an Interactive Voice Response (IVR) prompting you to enter personal information such as a PIN, account number, and social security number. It may ask you to connect to a live person who pretends to be from the actual business, but is a trained social engineer attempting to steal your information or remotely gain access to your computer. More on vishing can be viewed on this short video, youtube/watch?v=aL_m6jelF1M. SUMMARY A seasoned cybercriminal understands and is well versed in how to use all these methods to steal your personal information and/or lure you into a malware infection process. A really good cybercriminal will incorporate all these techniques. It is up to you to practice due diligence and practice STOP-THINK-CONNECT. Unsuspected people are weak links in our information security efforts, so remember, Security and Privacy - It all centers around YOU. by S.G., CISSP
Posted on: Thu, 16 Oct 2014 13:54:07 +0000
Trending Topics
Recently Viewed Topics
© 2015