Anatomy of a Phishing Attack - Part 3
Ahmed Sharaf Cybersecurity Automation
SOAR / SIEM / XDR / ZTNA / IAM
Happy Valentine's Day! It seems a little appropriate that today brings the third part of our investigation into a "Phishing Attack". We are doing this to protect ourselves, our loved ones and families, in addition to our employers. We like sharing the love, so if you enjoy this article, please share it.
If you're a network administrator, you could be saying to yourself that this is not how such a communication circumvents the firewall, adapts to the spam filters, evades nearly all of the threat defenses in place and ends up in an end user's inbox, and from that perspective you would be correct. For the purpose of this article, we defined "Phishing" as the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords, credit card numbers and other private information.
We discussed how end users are the front line of defense and how the best way of protecting ourselves is to increase our knowledge and sharpen our awareness of such attacks. Just as important, we discussed how security is a shared responsibility, and that none of the technical measures will matter if we do not take our end users into account.
That said, let's dive into the main body of this nefarious communication:
- RED – More official-looking but unofficial information, attempting to lend the communication merit.
- 3rd RED bullet – Offers to reduce the cost of the “Diplomatic Immunity Seal of Transfer”, as though they are doing you a favor, in order to earn your trust.
- BLACK – “The Ask”: you are asked to provide your personal contact information.
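The three body-level indicators just listed (unearned marks of legitimacy, a fee "reduced" as a favor, then the ask for personal details) can be checked mechanically. The following is an added example, not code from the original article: a small Python scanner that runs simple phrase patterns over a constructed message body and reports which of the three indicators fire. The phrase lists, weights and sample messages are assumptions chosen for illustration, not a vetted mail-filter ruleset.

```python
"""Heuristic scan of an e-mail body for the three body-level phishing
indicators discussed above: false marks of legitimacy, a fee the sender
"reduces" for you, and the ask for personal contact details.
Added example; not code from the original article. The phrase lists and
thresholds are assumptions chosen for illustration."""
import re

# Each indicator group is a list of case-insensitive regular expressions.
INDICATORS = {
    # "official" trappings meant to lend the message unearned credibility
    "false_legitimacy": [
        r"\bdiplomatic\b", r"\bseal\s+of\s+transfer\b", r"\bcertificate\s+of\b",
        r"\bofficial(ly)?\b", r"\bgovernment\b", r"\bministry\b",
    ],
    # a fee that is waived or reduced "as a favour" to build trust
    "fee_reduction": [
        r"\b(reduce|reduced|discount|discounted|waive|waived|lower|lowered)\b"
        r".{0,40}\b(fee|cost|charge)s?\b",
        r"\b(fee|cost|charge)s?\b.{0,40}"
        r"\b(reduce|reduced|discount|discounted|waive|waived|lower|lowered)\b",
    ],
    # "the ask": a request to self-identify with contact or financial details
    "personal_info_ask": [
        r"\b(full|complete)\s+name\b",
        r"\b(home|residential|postal|mailing)\s+address\b",
        r"\b(phone|telephone|mobile)\s+number\b", r"\bpassport\b",
        r"\bbank\s+(account|details)\b", r"\bpassword\b", r"\bcredit\s+card\b",
    ],
}


def scan_body(body: str) -> dict:
    """Return the indicator groups that fire, mapped to the matched snippets."""
    hits = {}
    for name, patterns in INDICATORS.items():
        found = []
        for pat in patterns:
            # DOTALL lets the short gap in the fee patterns span a line break
            for m in re.finditer(pat, body, flags=re.IGNORECASE | re.DOTALL):
                found.append(m.group(0))
        if found:
            hits[name] = found
    return hits


def phishing_score(body: str) -> int:
    """Count of distinct indicator groups present (0-3). All three together
    is the full 'lend credibility, do you a favour, then ask' pattern."""
    return len(scan_body(body))


def triage(body: str) -> str:
    """Map the score to a simple label an analyst can act on."""
    score = phishing_score(body)
    if score >= 3:
        return "likely-phishing"
    if score == 2:
        return "suspicious"
    return "low-signal"


# Constructed samples modelled on the structure discussed in the article;
# neither is a real message.
SAMPLE_PHISH = """Dear Beneficiary,
This office holds an official Diplomatic Immunity Seal of Transfer for your
consignment. As a gesture of goodwill we have reduced the processing fee
to a token amount. To proceed, kindly reply with your full name, home
address and telephone number."""

SAMPLE_BENIGN = """Hi team, the sprint review moves to 3pm Thursday. Agenda is in
the shared doc. Thanks!"""

if __name__ == "__main__":
    for label, text in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, triage(text), scan_body(text))
```

Scoring by the number of distinct groups rather than by raw keyword count keeps a single stray word like "official" in a legitimate message from tipping the verdict; it is the combination of credibility claim, favor and ask that marks the pattern described in the article.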
THINK
If they already have your email and you then self-identify and provide your address, what is likely to follow is a more intense “Spear Phishing Attack”. We will cover Spear Phishing in another post, but in short it is a more targeted form of attack against an individual or organization: because the attackers now hold a more robust and specific data set on you, they will likely use it in multiple follow-up attacks until you take action or click on something that could load malware onto your system.
CONCLUSION
Across the first three sections (header, opening and body), these malicious attackers have still not truly identified themselves. They have extended an offer that generally seems "too good to be true", and they have asked you for things of extreme importance and value: money, your name and your address. There is additional data that can be gleaned from someone who responds to such a communication, but we will keep it simple: in short, do not make it easy for such attackers to identify you and escalate to an even greater level of attack.
I hope you enjoyed the post, and if I may address any questions or be of service, it would be a sincere pleasure. Happy Valentine's Day!
#ToYourSuccess @TiotBiz
7 years ago: Thank you for the support. I will be concluding part 4 in the near future, as it is time for me to move on to newly identified threats and strategic and tactical response and mitigation protocols. Often overlooked are Phishing Attacks from insiders; these are the vindictive and maniacal so-called friends. You may not be surprised as to how many have NOT matured from high-school-like behavior!
7 years ago: #Phishing and #keylogging #malware account for 63% of the identified data #breaches according to the #Verizon 2016 Data Breach Investigation report (DBIR). It is mind boggling to me how much is invested in technologies that do little to thwart the major issue, permitting #hackers to break into #networks once user #credentials and privileged user credentials are stolen. It seems like we can have a major impact if we are able to mitigate this one attack vector. Check out #EndpointLock - https://bit.ly/2sWTvka