Any malicious use of computer technology is a cyber attack, and phishing shows why understanding social engineering matters. Even the most sophisticated attacks run by advanced persistent threat (APT) groups involve social engineering at some point. It is far easier and more effective for an external attacker to get into a network through someone who holds a privileged user account than to attempt a frontal assault or a purely technical exploit.
And once an attacker has tricked someone into granting access to a privileged user account, they can proceed without anyone else’s help. Often they can even escalate from an account with limited privileges to root.
Phishing is one of the most common ways cyber attackers fool people into handing over account access. In a phishing attack, the attacker pretends to be a trusted entity, such as your bank, utility company, employer, a government agency, Amazon, Apple, or Google. To make this easier, attackers mimic the emails, websites, web apps, text messages, or social media posts of that entity. It’s easier than ever these days, because scam kits that mimic specific companies, service providers, and government agencies can be bought on the Dark Web. Such a phishing kit includes copies of the trusted organisation’s websites, messages, and images.
A typical phishing attack goes something like this. Users receive an email that looks identical to the ones they get from their internet service provider or bank: “A hacker may have hacked into your account, click here to change your password now.” If a user clicks the link, they are taken to a phishing site that looks exactly like the official website. That site can infect the user’s machine with malware, and it may also present a change-password form asking for the user’s current password. The attacker now has the user’s real password and may also have infected their phone or PC with spyware or malware.
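As an added illustration that is not part of the original article, here is a small Python checker for the two tell-tale signs in the flow just described: a sender domain the real organisation never uses, and a link whose visible text names the genuine site while its href leads somewhere else. The sample message and the trusted-domain list are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not a real message: a "your account was hacked" notice whose
# link text shows the bank's real domain while the href leads to a lookalike host.
PHISHING_SAMPLE = """\
From: Security Team <alerts@example-bank-support.net>
To: customer@example.org
Subject: Someone may have accessed your account
Content-Type: text/html

<p>A hacker may have hacked into your account, change your password now.</p>
<p><a href="http://example-bank.login-reset.example/pw">https://www.example-bank.com/reset</a></p>
<p><a href="http://example-bank.login-reset.example/help">Continue here</a></p>
"""

# Domains the genuine sender is known to use (assumption: maintained by the defender).
TRUSTED_DOMAINS = {"example-bank.com"}

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)

def registrable(host):
    """Last two labels of a hostname; a stand-in for a real public-suffix lookup."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def link_findings(html, trusted):
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        href_host = urlparse(href).hostname or ""
        shown = URLISH_RE.match(re.sub(r"<[^>]+>", "", text).strip())
        # Visible text looks like a URL, but the link goes to a different site.
        if shown and registrable(shown.group(1)) != registrable(href_host):
            findings.append(f"link text shows {shown.group(1)} but points to {href_host}")
        if registrable(href_host) not in trusted:
            findings.append(f"link target {href_host} is outside trusted domains")
    return findings

def analyse(raw_message, trusted=TRUSTED_DOMAINS):
    """Return human-readable indicators; an empty list means nothing suspicious was found."""
    msg = message_from_string(raw_message)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = registrable(sender.rpartition("@")[2]) if "@" in sender else ""
    if sender_domain not in trusted:
        findings.append(f"sender domain {sender_domain!r} is outside trusted domains")
    findings += link_findings(msg.get_payload(), trusted)
    return findings

if __name__ == "__main__":
    for finding in analyse(PHISHING_SAMPLE):
        print("-", finding)
```

Run against the sample, it reports the untrusted sender domain, the mismatch between the shown and real link targets, and both untrusted link hosts; a genuine notice from the trusted domain with matching links produces no findings.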
So here are the five most dangerous online scams to watch out for.
The John Podesta Scam
When John Podesta, Hillary Clinton’s campaign manager in 2016, was successfully scammed in March of that year, he gave us a great example of how powerful people are targeted by cyber attackers.
The phishing attack on Podesta is known as spear phishing. Spear phishing targets a specific individual, and attackers often research their target thoroughly so they can tailor their social engineering. Many other phishing attacks are broad and untargeted: they might aim at Canadians in general, or at people with Scotiabank accounts, for example. Spear phishing goes after one specific person, whether because of their power or their privileged access.
In March 2016, Podesta received an email from an attacker posing as Google. The email claimed that someone in Ukraine had tried to access his Google account and asked him to click a link to change his Google password. The campaign’s IT team advised Podesta to go directly to Google’s website, set up 2FA, and avoid clicking on email links. But he clicked the link.
Sensitive data exposed in the attack appeared on WikiLeaks and revealed a great deal of private information about the Clinton campaign. It was a nightmare for the campaign.
COVID-19 relief scam
This phishing campaign from 2020 is a great example of how phishing attacks can exploit people’s financial desperation.
The November scam emails purported to come from the IRS (the US tax agency) and promised $1,200 in COVID-19 relief: “More action is required to accept this payment to your account. Continue here to accept this payment…”
The link led to a scam site mimicking the IRS’s Get My Payment website, and many victims shared personal and financial data with the attackers.
Scam on Ubiquiti Networks
Ubiquiti Networks is a technology company in the United States. In 2015, a highly detailed phishing campaign targeted the company’s Chief Accountant. The attacker impersonated the company’s CEO and its lawyer.
Impersonating the CEO through phishing emails, the attacker pressured the targeted accountant into transferring large sums of money to various accounts, supposedly to facilitate a secret acquisition by the company.
Ubiquiti Networks only learned about the hack when the FBI contacted them. $46.7 million was lost in this scam.
Christmas Eve Charity
The Christmas holiday season is a time when many people feel they need to show their generosity towards charitable causes.
Cyber attackers have exploited these emotions. The FBI warns people to avoid the following email scams:
“If you receive an email purporting to be from a charity, do not click on the links, because they can download viruses to your computer or phone. Look out for charity names that sound a lot like well-known charities, as well as email addresses that don’t match the fundraising charity. Instead, search for a charity using an internet search engine to make sure you’re working with a real charity.”
Crelan Bank Phishing Attack
In January 2016, Crelan Bank, a major financial institution in Belgium, fell victim to a stealthy phishing campaign.
The attackers compromised the email accounts of company executives. From there, they instructed employees with internal financial access to transfer large amounts of money to the attackers’ accounts.
This attack cost Crelan Bank about $75 million and was only discovered through an internal audit.
As you can see, phishing attacks can target anyone. They have varying degrees of sophistication. The best defense is to be aware of them and contact trusted agencies directly instead of clicking on links in emails, text messages, and social media posts.