Someone’s Phishing for You!
Black Hats are out there casting a line for you and hoping to land their “Phish.” This type of social engineering relies on a simple human trait – trust. By playing on this trust, they can manipulate you into falling for their plot and revealing the information they need to continue with their dirty deeds.
At the center of these types of schemes is social engineering, and they go after the weakest link in the organization: your employees.
When one of your employees gets “reeled in” by their convincing story and follows their directions by opening an email with a malicious payload, clicking on a link or downloading an attached file, they get hooked.
It’s time to talk about some of the lessons that these types of attacks are teaching us.
First off, are you doing regular training for your employees on this type of threat? Unfortunately, many businesses are not making security training for their employees a priority, and are not finding the time to carry it out.
Second, we share too much online. The more you share, the more the black hats know about you, and the more convincing (tempting) they can make their stories (bait) to get you to trust them.
Third, real companies understand this and will never ask for your login username, password or any other personally identifiable information electronically. Any email you receive that asks for this type of information should be turned over to your IT department or your superior.
Everyone needs to avoid emails that make them uneasy: messages that are out of character for the sender or company are probably suspicious.
We must be especially wary of any “bit-ly type” or shortened URLs they contain as well, as these are often associated with forms or sites that are purposely designed to steal your login credentials.