A Look Through The Eyes Of A Phisher

Posted by Darrell Karp | December 19, 2017

Phishing, confidence scams, and all types of political and corporate trickery can come at a high price. No matter how sophisticated your security systems are, the human component can undo many of your business’ protective plans.

To understand how these seemingly basic security breaches happen to vital professionals and officers of top businesses, here are a few phishing details to help you understand where your security weak points are.

Important Deliveries with Boxes of Fraud

One of the more popular phishing scams in 2017 was the fake delivery notification technique. The world thrives on fast deliveries, and with so many trinkets that can be purchased for small prices and zipped around on demand, many people surprise themselves with their own deliveries.

Social engineers caught on to this nugget of curiosity and opportunity, and have created a tempting way to deliver security threats the old-fashioned way: with an email attachment that needs to be clicked and launched.

This is especially dangerous when dealing with businesses that receive new shipments on a regular basis. A policy of not opening attachments is important and hardly news, but new employees who may not know the dangers of trojan viruses may simply open the file anyway.

Training is important, but you also need a plan to stop people from making careless mistakes so casually. First, attachments need to either be scanned before launch or blocked completely. Although some jobs require opening attachments, you may want to block certain extensions from launching at all.
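As an added example (not from the original post), this Python sketch shows the "block certain extensions" step applied to a fake delivery notice, including double extensions and one level of ZIP contents. The blocklist, addresses, filenames and function names are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the article does not name specific extensions.
BLOCKED = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta", ".jar"}

def blocked_ext(filename):
    """Return the blocked extension a name really ends in, else None."""
    # Windows drops trailing dots/spaces, so "a.exe. " still runs as .exe.
    name = filename.lower().rstrip(". ")
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    return ext if ext in BLOCKED else None

def review(raw):
    """Return {attachment filename: verdict} for a raw message (bytes)."""
    verdicts = {}
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers carry no filename
        hit = blocked_ext(name)
        if hit is None and name.lower().endswith(".zip"):
            # Look one level inside archives; unreadable ones are blocked.
            try:
                members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
                hit = next((e for e in map(blocked_ext, members) if e), None)
            except (zipfile.BadZipFile, TypeError):
                hit = "unreadable archive"
        verdicts[name] = f"block ({hit})" if hit else "scan, then deliver"
    return verdicts

def sample_message():
    """Constructed fake delivery notice with three placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Your parcel could not be delivered"
    msg["From"], msg["To"] = "courier@example.test", "frontdesk@example.test"
    msg.set_content("Please open the attached label to reschedule.")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as z:
        z.writestr("tracking.js", "// constructed placeholder")
    for name, data in [("label.pdf.exe", b"placeholder"), ("photo.png", b"placeholder"),
                       ("receipt.zip", archive.getvalue())]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in review(sample_message()).items():
        print(f"{name}: {verdict}")
```

The check looks only at names, so attachments that pass it still need the content scan the paragraph above calls for.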

Dangers of Slack, Discord, Skype and Other Communications Systems

Collaboration software is not only an amazing way to work on projects together but an entire industry with multiple players and niche markets that all interact with each other at some point.

As working from home and technology as a lifestyle become bigger parts of the modern world, many systems that have business users will also have some sort of personal component. Collaboration software such as Slack, Discord and Skype all employ some kind of chat and file sharing system that can be exploited.

It’s not as simple as keeping your Slack group private, or verifying all of your Discord server users. These tasks need to happen, but you can never be sure what your verified employees may be doing.

A person disguised as a colleague may ask for some files to be copied and sent from a private channel. Since the reality of software includes bugs, errors and other strange problems, a social engineer may pretend that their screen is having problems or that the file keeps getting corrupted during the download.

One of your team members may copy over certain files to help out, or even worse, add the fake account to your group. Being a skilled tech support agent doesn’t necessarily make someone a phishing professional, and a systems genius with no social workplace experience may allow hackers to get what they need under the guise of needing help.

If you need help assessing your business security training program, or would like help with locking down certain settings to make phishing a smaller problem with fewer entry points, contact SJP Network Solutions, who are experts on cybersecurity and offer an extensive IT support team to solve any problems.

 

Photo: Computer by Jamiesrabbits licensed under Creative commons 2

