Du kender allerede til phishing : processen med at sætte madding i og vente på, at nogen afslører hans/hendes personlige oplysninger. Phishing kommer i mange varianter som Spear Phishing , Tabnabbing , Whaling , Tabjacking og Vishing and Smishing. Men der er endnu en type, og det er Spear Phishing .

Du er muligvis allerede stødt på Spear Phishing . Når du bruger denne teknik, sender cyberkriminelle dig en besked fra en enhed, du kender. Meddelelsen beder dig om dine personlige og økonomiske oplysninger. Da det ser ud til at stamme fra en kendt enhed, svarer du bare uden en anden tanke.

Hvad er Spear Phishing

Spear Phishing er en metode, hvor cyberkriminelle bruger en målrettet teknik til at narre dig til at tro, at du har modtaget en legitim e-mail fra en kendt enhed, der beder dig om dine oplysninger. Enheden kan være en person eller enhver organisation, som du har at gøre med.

Det er nemt at få det til at se originalt ud. Folk skal bare købe et relateret domæne og bruge et underdomæne, der ligner den organisation, du kender. Det kan også ligne e-mail-id'et for en person, du kender. For eksempel kan something.com have et underdomæne ved navn paypal.something.com . Dette giver dem mulighed for at oprette et e-mail-id, der bliver [email protected] . Dette ser ret identisk ud med e -mail -id'er^(IDs) relateret til PayPal .

I de fleste tilfælde holder cyberkriminelle øje med dine aktiviteter på internettet^(Internet) , især på sociale medier. Når de får oplysninger fra dig på et websted, vil de gribe muligheden for at udtrække oplysninger fra dig.

For eksempel sender du en opdatering om, at du har købt en telefon fra Amazon på et hvilket som helst socialt netværkssted. Så modtager du en e-mail fra Amazon om, at dit kort er spærret, og at du skal bekræfte din konto, før du foretager flere køb. Da e-mail-id'et ligner Amazon , giver du let de oplysninger, de spørger om.

Med andre ord har Spear Phishing målrettet phishing^{(Spear Phishing has targetted Phishing)} . E-mail - id'erne^(IDs) og meddelelserne er tilpasset til dig - baseret på oplysninger, der er tilgængelige på internettet^(Internet) om dig.

Eksempler på spydphishing

Selvom phishing er en daglig ting, og mange kender det nok til at forblive beskyttet, bliver nogle stadig ofre for det.

Et af de bedste og populære eksempler på spear phishing er den måde , hvorpå RSA -enheden i EMC blev målrettet. RSA var ansvarlig for EMC 's cybersikkerhed . De cyberkriminelle sendte to e-mails, hver med en EXCEL -fil indeholdende en aktiv MAKRO^(MACRO) . Titlen på e-mailen blev sagt at være Recruitment Plan . Mens begge e-mails blev filtreret ind i de ansattes uønskede mapper^{(Junk Folders)} , blev en af medarbejderne nysgerrig og hentede den. Da MAKRO'en^(MACRO) blev åbnet, åbnede den en bagdør for de personer, der sendte e-mailen. De var derefter i stand til at skaffe medarbejdernes legitimationsoplysninger. På trods af at være et sikkerhedsfirma, hvis RSAkunne blive narret, forestil dig livet for intetanende almindelige internetbrugere^(Internet) .

I endnu et eksempel om et cybersikkerhedsfirma var der e-mails fra tredjeparter, der narrede ledere til at tro, at det var deres medarbejdere, der bad om detaljer. Da de cyberkriminelle fik oplysningerne ved at udgive sig som ansatte via e-mail, kunne de få overført penge fra virksomheden til kriminelles offshore-konti. Det siges, at Ubiquity tabte over 47 millioner dollars på grund af spyd-phishing-fidusen.

Whaling & Spear Phishing -svindel er nye problemer med cybersikkerhed. Der er en tynd forskel mellem de to. Spear Phishing er rettet mod en gruppe mennesker - som en e-mail, der er rettet mod medarbejdere i en virksomhed, kunder i en virksomhed eller endda en bestemt person. Hvalfangstsvindel er ^(Whaling) typisk^(Scams) rettet mod ledere på højt niveau.

Spear Phishing-beskyttelse

Husk altid, at ingen e-handelsvirksomhed vil bede dig om dine personlige oplysninger via e-mail eller telefon. Hvis du modtager en besked i nogen form, der beder dig om detaljer, som du ikke føler dig tryg ved at dele, skal du betragte det som et spyd-phishing-forsøg og afbryde det direkte. Ignorer^(Ignore) sådanne e-mails, beskeder og sluk for sådanne opkald. Du kan bekræfte med organisationen eller personen, før du svarer i fremtiden.

Blandt andre Spear Phishing- beskyttelsesmetoder er kun at dele så meget som nødvendigt på sociale netværkssider. Du kan sige, at det er et billede af din nye telefon og sende det i stedet for at tilføje, at du har købt det fra XYZ -organisationen - på en bestemt dato.

Du skal lære at identificere phishing-angreb^{(identify Phishing Attacks)} for at vide mere om beskyttelse mod phishing generelt. Grundlæggende^(Basically) bør du have god sikkerhedssoftware, der filtrerer din e-mail godt. Du kan tilføje e-mail-certificeringer og krypteringer til de e-mail-klienter, du bruger, så du er bedre beskyttet. Mange^(Many) af spear-phishing-forsøgene kan blive fanget med certifikatlæseprogrammer indbygget i eller installeret på e-mail-klienten.

Stay safe, stay sharp when online!

What is Spear Phishing? Explanation, Examples, Protection

You already know about Phishing: the process of putting in some bait and waiting for someone to divulge his/her personal information. Phishing comes in many flavors like Spear Phishing, Tabnabbing, Whaling, Tabjacking, and Vishing and Smishing. But there is yet another type, and that is Spear Phishing.

You may have already come across Spear Phishing. When using this technique, cybercriminals send you a message from an entity that you know. The message asks you for your personal and financial information. Since it appears to originate from a known entity, you just reply without a second thought.

What is Spear Phishing

Spear Phishing is a method where cybercriminals use a targetted technique to dupe you into believing that you received a legitimate email from a known entity, asking you for your information. The entity can be a person or any organization that you deal with.

It is easy to make it look original. People just have to purchase a related domain and use a subdomain that looks like the organization you know. It can also look like the email ID of a person you know. For example, something.com can have a subdomain named paypal.something.com. This allows them to create an email ID that goes [email protected]. This looks pretty identical to email IDs related to PayPal.

In most cases, cybercriminals keep an eye on your activities on the Internet, especially on social media. When they get any information from you on any website, they’ll grab the opportunity to extract information from you.

For example, you post an update saying you bought a phone from Amazon on any social networking site. Then you receive an email from Amazon saying your card is blocked and that you need to verify your account before making any more purchases. Since the email ID looks like Amazon, you readily give away the information they ask.

In other words, Spear Phishing has targetted Phishing. The email IDs and messages are personalized for you – based on information available on the Internet about you.

Spear Phishing Examples

While phishing is a daily thing and many are familiar with it enough to stay protected, some still fall prey to it.

One of the best and popular spear phishing examples is the way RSA unit of EMC was targeted. RSA was responsible for the cybersecurity of EMC. The cybercriminals sent two emails, each with an EXCEL file containing an active MACRO. The title of the email was said to be Recruitment Plan. While both the emails were filtered into the Junk Folders of employees, one of the employees got curious and retrieved it. When opened, the MACRO opened a backdoor for the people who sent the email. They were then able to procure the credentials of employees. Despite being a security firm, if RSA could get tricked, imagine the life of unsuspecting regular Internet users.

In yet another example concerning a cybersecurity firm, there were emails from third parties that tricked managers into believing that it was their employees asking for details. When the cybercriminals got the information by posing as employees over email, they were able to get money transferred from the company to criminals’ offshore accounts. It is said that Ubiquity lost over $47 million due to the spear-phishing scam.

Whaling & Spear Phishing scams are emerging cyber-security issues. There is a thin line of difference between the two. Spear Phishing targets a group of people – like an email that targets employees of a company, customers of a company, or even a specific person. Whaling Scams typically targets high-level executives.

Spear Phishing protection

Always remember that no e-commerce company will ask you for your personal information via email or phone. If you receive any message in any form asking you for details that you don’t feel comfortable sharing, consider it a spear-phishing attempt and cut it off directly. Ignore such emails, messages and switch off such calls. You can confirm with the organization or person before responding in the future.

Among other Spear Phishing protection methods, is to share only as much as is needed on social networking sites. You can say it is a photo of your new phone and post it instead of adding you bought it from XYZ organization – on a certain date.

You have to learn to identify Phishing Attacks to know more about protection from phishing in general. Basically, you should have good security software that filters your email well. You can add email certifications and encryptions to the email clients that you use so that you are better protected. Many of the spear-phishing attempts may get caught with certificate-reading programs built into or installed to the email client.

Stay safe, stay sharp when online!

Anton Jørgensen

About the author

Jeg arbejder som konsulent for Microsoft. Jeg har specialiseret mig i udvikling af mobile apps til Apple og Android enheder, og er desuden involveret i udvikling af Windows 7 apps. Min erfaring med smartphones og Windows 7 gør mig til en ideel kandidat til denne stilling.

Hvad er Spear Phishing? Forklaring, eksempler, beskyttelse

Hvad er Spear Phishing

Eksempler på spydphishing

Spear Phishing-beskyttelse

What is Spear Phishing? Explanation, Examples, Protection