Spear-phishing Made Easy
Posted by: Timothy Weaver on 11/03/2016 11:22 AM
[
Comments
]
What does it take to become a victim of cybercriminals? How easy is it to fall for a spear-phishing attack?
The below is an example of the data that someone posted on Facebook:
• He visited Tapley’s Pub in Whistler, British Columbia, on Sept. 20.
• He visited The Brewhouse in Whistler on Sept. 16.
• The names of at least some of the people he was with on Sept. 13.
• He visited the 192 Brewing Company on Sept. 12.
• He visited the Chainline Brewing Company on Sept. 11.
• He visited American Pacific Mortgage on Sept. 9.
• He went to a Seattle Seahawks game on Sept. 3.
Cybercriminals gleam information like this and along with other personal info for other social media accounts, can find out the company for which he works, the city in which he lives, his wife’s name, and lots of other information about him.
Just from the info posted on Facebook, a cybercriminal can craft a spear-phishing email such as this:
“Problem with your credit card charge at Tapley’s Pub”
It is highly likely the victim will open that email. He also would probably click on a link to "verify the charge."
The link of course would lead to malware such as a key logger. The criminal would then be able to capture every keystroke including login credentials and credit card numbers.
Organizations and small businesses need to train their employees to recognize spear-phishing attempts or risk company data falling into the hands of criminals.
Source: Dark Reading
The below is an example of the data that someone posted on Facebook:
• He visited Tapley’s Pub in Whistler, British Columbia, on Sept. 20.
• He visited The Brewhouse in Whistler on Sept. 16.
• The names of at least some of the people he was with on Sept. 13.
• He visited the 192 Brewing Company on Sept. 12.
• He visited the Chainline Brewing Company on Sept. 11.
• He visited American Pacific Mortgage on Sept. 9.
• He went to a Seattle Seahawks game on Sept. 3.
Cybercriminals gleam information like this and along with other personal info for other social media accounts, can find out the company for which he works, the city in which he lives, his wife’s name, and lots of other information about him.
Just from the info posted on Facebook, a cybercriminal can craft a spear-phishing email such as this:
“Problem with your credit card charge at Tapley’s Pub”
It is highly likely the victim will open that email. He also would probably click on a link to "verify the charge."
The link of course would lead to malware such as a key logger. The criminal would then be able to capture every keystroke including login credentials and credit card numbers.
Organizations and small businesses need to train their employees to recognize spear-phishing attempts or risk company data falling into the hands of criminals.
Source: Dark Reading
Comments
