In this series we will examine 3 common phishing attacks: Credential Stealing, Exploit Kits and Malicious Attachments.
Phishing is a method of gaining access to, or gathering, personal or financial information from victims, and it requires an action on their part.
Phishing is the #1 cause of compromise. 30% of phishing emails get opened, and in 12% of those the recipient clicks on the link or attachment.
No longer are bad grammar and misspellings the norm. The crooks are getting better and craftier. A cyber crook knows that tricking you into giving him the information he seeks is much easier than trying to hack into a sophisticated network.
Suppose you get an email from your bank with a link that it asks you to click in order to confirm your login information. The attacker has made a convincing clone of an existing login screen and steals the credentials you enter there. The credentials are either stored in a text file on the phishing site for the attacker to retrieve or emailed directly to the attacker.
Once the crook has your credentials he can then use those credentials on popular websites. He can also change your password and lock you out of your own account while emptying your bank account.
Here are some tips to avoid becoming a victim:
- Don’t click on links in emails. Instead, open a browser and go directly to the organization named in the email. If there is a legitimate alert you will be able to read about it in your account information.
- Legitimate sites will NEVER ask for your password.
- Enable two-factor authentication whenever possible.
- Do not use the same password for multiple sites. Enable the use of a password manager to help keep track of them.
Next week: Exploit Kits