No Phishing

How Phishing is Getting More Targeted

After reading this article from Inc, I think there are really three things that hackers are taking advantage of, that they didn’t used to, and these are things that we are only just starting to include in anti-phishing training.

  • They are doing research about companies before sending messages.

I’ve seen this myself. In the legal industry it’s common practice to list firm management and their email addresses on our websites. In the last couple of years I have heard more and more about phishing messages coming into firms where the “from” is spoofed to look like it’s coming from one of those folks. But it’s more than that. They’re also doing more research on those people, trying to glean more information from social media profiles and client testimonials to include as part of their message. They are also taking advantage of mobile devices’ limited screen size, which hides the true email address behind the display name where the typical phone email user never sees it. Or, as Kevin mentions in the article above, they’ll know when someone in management is going on vacation, and use that information.

  • They are taking advantage of our training, and the tools we are using.

Hackers know that we’ve been taught, over and over again, not to open unexpected attachments. So, as Kevin mentions, they’re moving to links instead. That takes advantage of something else: we are getting very, very used to getting links to documents, secured emails, cloud-based databases, etc. in an email. We are even getting used to those emails coming directly from the cloud tools and not from people we already know. So, when we get a link that says “An account has been set up for you to view these shared documents”, it’s actually something we’ve gotten quite used to.

  • We’ve gotten used to shortened links

Now that we are using cloud-based tools at work, and social media tools at work and home, we’ve also gotten very used to shortened links through services like Bitly. Heck, go look at Twitter and see if you can determine the true URL that is linked to without clicking the link. Even my blog posts go out on social media using the WordPress built-in link shortener. We have gotten very comfortable clicking links that have been shortened. Hackers know this too. They also know that we’ve been taught, over and over, to hover over any suspect link to see where it really goes. Well, when it is just a Bitly link, that doesn’t really tell us much. So we click, and then when a site pops up asking us to log in, or confirm our identity, we go right ahead and do that. That gives a hacker an account to actually log in to our network: not just a malware install, but an active, live connection to everything that employee can access.
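As an added example that is not part of the original post, here is a small Python check for the two tells described above: a “from” whose display name matches a published firm contact but whose mailbox is different, and a link routed through a shortener that defeats the hover check. The firm directory, the shortener list beyond Bitly, and the sample message are all constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed firm directory: display name as published on the website -> real mailbox.
FIRM_DIRECTORY = {
    "jane doe": "jdoe@examplefirm.example",
}

# Shortener hosts whose links hide the real destination. Bitly is named in the
# post; "short.example" is a constructed placeholder.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "short.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def check_message(raw):
    """Return a list of warnings for a raw, single-part plain-text message."""
    msg = message_from_string(raw)
    warnings = []

    # Tell 1: the display name is a known firm contact, the address is not.
    name, addr = parseaddr(msg.get("From", ""))
    expected = FIRM_DIRECTORY.get(name.strip().lower())
    if expected and addr.lower() != expected:
        warnings.append(
            f"display name '{name}' matches the firm directory but the address is {addr}"
        )

    # Tell 2: a link goes through a shortener, so hovering reveals nothing.
    for url in URL_RE.findall(msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            warnings.append(f"shortened link hides its destination: {url}")
    return warnings


# Constructed sample: spoofed management name plus a Bitly-style link.
SAMPLE = """\
From: Jane Doe <jane.doe@examplefirm-mail.example>
To: associate@examplefirm.example
Subject: Shared documents

An account has been set up for you to view these shared documents:
https://bit.ly/EXAMPLE-placeholder
"""

if __name__ == "__main__":
    for w in check_message(SAMPLE):
        print("WARNING:", w)
```

A mail gateway rule or a user-facing banner can surface the same two signals; the point is that the checks cover the display name and the link target, which is exactly what a phone screen or a hover does not show.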

Are our security training tools keeping up with these changes?

IMHO, I have seen an increase in training around being careful with possibly spoofed email addresses. I have not seen as much discussion about links beyond the old “if it’s unexpected, hover over it” advice. I don’t think that advice is enough when we are being barraged by links sent to us through cloud-based tools, using shortened URLs. If we were really considering that, we might see people being a bit more thoughtful about sending those links: not shortening them, or asking people to simply log in to “Cloud Service” and see what has been shared with them, rather than sending links from the cloud service. It might take an extra step, but we are training our users to get phished when we don’t take that extra step.
