{"id":73672,"date":"2015-07-30T22:46:02","date_gmt":"2015-07-31T02:46:02","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-24T16:59:07","modified_gmt":"2021-08-24T20:59:07","slug":"spear-phishing","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/spear-phishing\/","title":{"rendered":"Spear Phishing"},"content":{"rendered":"

\"Spear<\/a>As long as there have been people, there have been scammer<\/strong>s of some kind. Today, cybercriminals<\/strong> use the same technology email, instant messaging, chats, that helps everyone else in their daily lives. The only difference is that they use it for wrongdoing<\/strong>. The results of a recent JPMorgan Chase company hack<\/strong> prove it. The banking giant fell victim to a spear phishing attack.<\/p>\n

\"Phising\"<\/a>The outcome<\/a>\u00a0of the JPMorgan Chase & Co<\/a>., hack<\/a> says that over 76 million user accounts were compromised. It is also very likely that other banks were breached<\/a> by the same attackers. The breach of JPMorgan Chase should serve as a reminder that even large, sophisticated businesses can be breached by today\u2019s phishing expeditions<\/strong>.<\/p>\n

Attackers were able to penetrate JPMorgan Chase\u2019s defenses and roam their<\/a>\u00a0networks<\/a> undetected for months most likely due to one worker who fell victim to a spear phishing attack<\/a><\/strong>. Corporate security and hackers are engaged in an asymmetric figh<\/strong>t<\/strong> right now. The good guys have to protect the entire enterprise while the bad guys only need a single point of failure<\/strong> to gain access, just one user to fall victim to a spear phishing attack and they are in.<\/p>\n

The bad guys have the advantage<\/h3>\n

\"Nigerian<\/a>Anyone can claim to be a Nigerian prince<\/a> from behind their computer screen and bilk unsuspecting targets for their financial information over email. All it takes is a valid email account \u2013 personal or otherwise. With the hacker’s advantage in mind, here are some tips to help avoid spear phishing attacks and prevent the attacker’s access to your firm.<\/p>\n

Spear Phishing<\/h3>\n

Today\u2019s phishing attacks are not the crude, typo-filled emails from Nigeria<\/a> of yesteryear. Spear-phishers carefully research their targets<\/strong>. They will know your manager\u2019s name, the names of your co-workers, and perhaps the projects you\u2019re assigned to. This knowledge and detail make spear-phishing very effective.<\/p>\n

No matter what the nature of an email account is, it is susceptible to all the dangers of the Internet. This is bad news for businesses that use email, and a lot of organizations out there fit that bill to a T. The more that a company uses email, the greater the chance that they will experience a data breach of some kind<\/strong>.<\/p>\n

There is really nothing stopping a well-crafted phishing scam from appearing in a corporate inbox and fooling an unwitting employee. Here is a look at three of the email-based scams<\/strong> that could be threatening your business right now:<\/p>\n

Vendor identity fraud<\/h3>\n

According to a report from Virginia TV station WHSV<\/a>, the Better Business Bureau<\/a> is warning businesses<\/a> of a recent scam that targets this daily operation as a way to siphon money from corporate bank accounts. The BBB describes the attack:<\/p>\n

As part of your job, you pay invoices for several of your business’s\u00a0<\/em>vendors … One day, you receive an urgent email from an executive in your company telling you to change how you pay invoices from a vendor. Instead of sending a check, you now need to wire the money straight to a bank account.<\/em><\/p>\n

\"SPAMThis phishing attack is made possible by malicious hacking. Cybercriminals break into company emails and gain enough information to impersonate one of the\u00a0organization’s suppliers<\/strong>. Next, they send off the false email that tells some poor admin to wire the payment to the hackers<\/strong> instead of the supplier and leave\u00a0businesses out hundreds of thousands of dollars depending on the nature of\u00a0the vendor.<\/p>\n

Hackers impersonate branch of FBI<\/h3>\n

Nobody likes being accused of crimes that they didn’t commit. This is especially true when the FBI<\/a>\u00a0is involved. But a new scheme involving the Internet Crime Complaint Center<\/a> has many people thinking their arrest is\u00a0imminent if they do not fork over a hefty fine via online transaction<\/strong> \u2013\u00a0something that is unheard of in real law enforcement agencies and that\u00a0the FBI has been forced to address. DailyFinance contributor Mitch Lipka wrote:<\/p>\n

The emails claim that the victim is the subject of a criminal report and\u00a0that charges are forthcoming …\u00a0They are then told that they have one or two days to respond or risk\u00a0arrest, IC3 said. Those who respond are told they have to send money via\u00a0prepaid cards if they want to avoid prosecution<\/em>.<\/p>\n

Fooled by “clients”<\/h3>\n

Lawyers are trained to always read between the lines and examine the fine print in legal documents, but what about in their supposedly secure communications?<\/p>\n

This is one concept that has been inadvertently brought up\u00a0in New Zealand thanks to a scam targeting law firms and their clients.\u00a0There are plenty of things that can be done over email, but that doesn’t mean that they should be. Client and lawyer communications are one of these\u00a0tasks. According to The National Business Review, criminals will pose as\u00a0either a law professional or someone they currently represent, asking the\u00a0opposite party to make a payment or carry out a transaction<\/strong>. This not only puts funds in danger but also sensitive information. This may land a law firm in serious legal trouble.<\/p>\n

Related articles<\/h6>\n