Gone fishing, or is that phishing?
13th June, 2017
Phishing, spear phishing, trawling, whaling – what do they all mean?
It’s all a form of hunting and you’re the potential prey. These are all terms created by ‘techie geeks’ for techniques they use to get you hooked – ultimately getting something of value from you.
What could that be?
A password to an e-mail account, information about your business or even your banking or credit card details, in order to steal your money or identity.
It follows the simple fishing principle of throwing some bait into the pool and seeing what bites. The emails are sent to thousands, sometimes millions, of mail accounts in the hope that someone bites. Clearly the more they send the greater the success, and because of the technology they use it costs the criminal almost nothing.
The way phishing works
You receive an e-mail from what appears to be a reputable company, for example a well known online retailer, Government department, Apple/Microsoft or a major bank. It is likely to have a veiled threat with a ‘call to action’ within it.
An example would be ‘Your account is about to expire, you need to re-verify your details urgently’ or maybe warning of an outstanding invoice that needs to be paid immediately.
They’ll try to catch you off-guard. One of their favourite ways is to drop a message in your mailbox late on Friday afternoon. Everyone knows it’s POETS day, and you’re more likely to click through, as you’re distracted by the thought of the much-deserved weekend beer, wine or maybe even champagne, if it’s been a good week.
It may have an attachment such as an alleged invoice or receipt, or an embedded link, which it asks you to click on to validate your credentials. Chances are the attachment is loaded with malware (more tech talk for dodgy software), or the website you are directed to is a mocked-up criminal website, built to look like the one you thought you were visiting. This too may be laden with nasty software, or simply crafted to collect the user details you type in.
These guys are good. Some of the spoofed websites are really convincing, others are poorly built sites with little or no resemblance to the original, but remember, you’re now interested in the juicy bait wriggling on the hook. Oh, and don’t forget it’s still Friday!
So, you open the attachment with piqued interest. You’re likely to be presented with something that you can see is utter tosh: nothing to do with you, never heard of them, chancers. But you’re smart and you’ve seen through their little game, and you send it on its merry way to the recycle bin.
At this point, you’re feeling pretty good. You’ve realised at best this is spam, and at worst something nasty, but it’s fine because you’ve deleted it. Alas, superhero, the deed is done, you’ve opened the attachment and you’ve been caught. Your machine is now likely infected, and may even be sending personal details surreptitiously to the phisherman (sorry, we just made that word up). In other words, you’ve taken the bait and are now caught on the proverbial phishing line.
This is the first of an occasional series of blogs we are creating to highlight some of the security risks to you, your team and your business.
We appreciate this is a very dry topic, so we want to ease you in gently. But rest assured, this is a very serious subject, and the cost for becoming a victim of cyber fraud can be huge.
If you are concerned your business is already at risk, please contact us immediately on 01784 437 123.