Information Warfare: Supercharged Phishing

Archives

February 28, 2016: One of the cheapest and most commonly used hacker tools relies more on psychology than software skill. This method of attack is known as spear fishing (“phishing” as hackers spell it). Spear fishing is a fishing operation where targets are carefully chosen and researched before putting together the attack (in the form of a personalized email). A new variation on spear fishing is called smishing. This is a two-step process that does not try to deliver malware (spying software) initially but seeks to get the recipient to reply to the first message. The hackers then respond with another message that does contain the malware. The most expensive aspect of fishing attacks is compiling or buying lists of suitable people and the email address of who the infected email message should come from to get the message or attachment opened. Spear fishing requires a lot more research on the target and these are the people smishing attacks are often aimed at.

Surveys of American companies indicate about 90 percent of them were hit with some kind of fishing attack in 2015. About 23 percent of people receiving a fishing email open it. Over 70 percent of companies do not have the kind of network defenses that will prevent malware from being installed. That is changing as word gets around about the extent of the damage done by fishing attacks.

The best automated defenses are supposed to block the actions of the hacker software that is triggered when the victim clicks on the email or an attachment, but hackers keep finding exploitable vulnerabilities to these defenses and this creates an opening, as least until that vulnerability is recognized and patched.

 


Article Archive

Information Warfare: Current 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 


X

ad
0
20

Help Keep Us Soaring

We need your help! Our subscription base has slowly been dwindling. We need your help in reversing that trend. We would like to add 20 new subscribers this month.

Each month we count on your subscriptions or contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage. A contribution is not a donation that you can deduct at tax time, but a form of crowdfunding. We store none of your information when you contribute..
Subscribe   Contribute   Close