What’s the Difference Between Phishing and Spear-Phishing?

August 29, 2020

6:00-7:00PM PST

Although seemingly similar in approach, phishing and spear-phishing are two distinct methods of online malicious attacks. In the process of phishing, the attacker effectively casts a net into the internet, or sends an email to a mass of people spoofing a well-known, credible brand or business. However, spear-phishing attacks are more focused and personal, targeting a very specific user by pretending to be a trusted individual or organization. And so, phishing and spear-phishing are quite different from one another. Understanding the distinction between each type of attack will help users to better detect and prevent them. 

What is Spear-Phishing?

Often malicious in intent, spear-phishing is a pinpointed attack on a particular user that aims to steal valuable, personal data like account credentials or banking information. By impersonating a trusted individual or organization via email or an alternative online messenger application, malicious actors such as cybercriminals, professional hackers or scammers can obtain personal details specific to the user such as their hometown, place of work, frequented locations, and recent purchases made online. The aim of such an attack is to 1. infect a device with a form of malicious software or 2. trick users into turning over credentials, personal information, or money.

How Does Spear Phishing Work?

Over the course of the past several years, spear-phishing emails have made great advances. Today, tracking such malicious emails can be incredibly arduous if the user lacks prior knowledge of spear-phishing and how to protect themselves against it. Targeting users who share sensitive, personal information online, spear-phishing attackers scan social networking platforms for individual profiles. From such profiles, attackers will be able to discover an individual’s email address, geographic location, friends list, and any posts regarding recently purchased tech gadgets like computers or smartphones. After obtaining this information and applying social engineering, attackers might pose as the user’s friend, family member, or a trusted organization, sending the user a fraudulent, yet compelling message.

In an effort to boost the success rates of spear-phishing, the messages that malicious actors send to unsuspecting individuals typically involve intense explanations of why the requested sensitive information is so direly needed. The messages appear to come from legitimate email addresses, which makes them more convincing. A victim of such an attack might be urged to open a malicious attachment or to click on a link, sending them straight to a spoofed website that will require them to share personal, sensitive credentials for a number of websites. This will empower the attacker to utilize the user’s passwords to access any number of websites, enabling them to view the user’s confidential information -- most likely credit card information and Social Security Numbers. And once a sufficient amount of personal information is collected, the attacker will be able to gain access to bank accounts to make wire transfers or even produce entirely new identities. Alternatively, through the act of spear-phishing, users can be convinced to download malware or dangerous code as a result of clicking on attachments or links included in the email content and messages.

Phishing vs Spear-Phishing

Phishing and spear-phishing are often confused for one another, as they are both types of web-based attacks performed with the goal of acquiring confidential data from a specific individual. However, it is critical to know the difference between phishing and spear-phishing. A much broader term used to categorize any attempt to persuade victims into sharing delicate data like login credentials such as usernames and passwords, financial or bank account information, social security number etc. to be used for nefarious purposes, phishing attacks are typically not specific to the individual user. Phishing attacks tend to be distributed to masses of people simultaneously. And through email, social media, phone calls (sometimes referred to as voice-phishing or “vishing”), and text messages (sometimes referred to as SMS-phishing or “smishing”), phishing attackers will impersonate credible organizations or companies. Overall, the intention of a phishing scam or attack is “to send a spoofed email (or other communication) that looks as if it is from an authentic organization to a large number of people, banking on the chances that someone will click on that link and provide their personal information or download malware.”

On the other hand, spear-phishing attacks are specific and highly targeted, targeting a particular user with unique, personalized messages tailored to best trick that individual. These messages are disguised, appearing as though they have been sent by a person or entity familiar to the user. Often including personal information specific to the user, spear-phishing attempts -- more often than not -- necessitate massive amounts of time and thought, especially when compared to phishing. This is very much due to the fact that gathering more of the user’s personal information serves to make spear-phishing emails appear to be more believable and well-founded. And the more distinctive and individualized a spear-phishing attempt is, the higher the attacker’s chance of successfully tricking their victim is. Moreover, however illegitimate, the personal nature of such emails makes detecting spear-phishing attacks incredibly difficult -- especially when compared to phishing attacks carried out on a large scale. So, although spear-phishing attacks certainly require more work, they are becoming increasingly prevalent as a result of their ability to skillfully fool recipients.

Avoid Spear-Phishing Attacks

Falling prey to a spear-phishing attack can put one’s utmost confidential and personal information in the hands of a malicious actor. Thankfully, there are tools that offer reliable phishing protection such as Trustifi and several steps that individuals can take to steer clear of these destructive, dangerous online threats.

Be Careful of the Personal Information You Share Online

It is imperative that users exercise an abundance of caution when sharing personal information online. As social networking platforms continue to gain momentum and experience consistent growth in popularity, online profiles only create less work for malicious actors looking to carry out spear-phishing attacks. Users are encouraged to evaluate their social media profiles and consider how much of their own personal information is readily available for potential attackers to view and utilize for the purpose of manipulation. If there is something that you would not want a potential attacker to access, it is advised that you either avoid posting or ensure that privacy settings are configured in a way that restricts what others -- specifically those you are not friends with -- can see.

Create Complex, Intelligent Passwords

The first step to protecting your online accounts is to create and implement complex, intelligent passwords that would be extremely difficult for anyone other than yourself to figure out. Furthermore, users are urged to avoid using one password or nearly identical passwords with slight modifications across all owned online accounts. Reused passwords or minorly varied passwords make a potential hacker’s job much less difficult. In this situation, if a single password is obtained by a malicious actor, they can successfully gain access to any number of that specific user’s accounts. Thus, all of the passwords a user creates should be unique and elaborate, as well as specific to each particular platform. The most secure passwords will include elements like numbers, random phrases, and both capital and lowercase letters.

Update Software Regularly

Another way to avoid spear-phishing is to stay on top of any and all software updates. Users are strongly encouraged to frequently perform software updates, specifically when notified of a new software update by their software provider. This is because many software updates also contain software security updates, which help to secure systems and provide safeguards against common attacks and improve spam detection. To ensure that software is always as up to date as possible, users are advised to enable automatic software updates when given the option to do so.

Refrain From Clicking Links in Emails

Users are strongly urged to steer clear of clicking malicious links included in email messages. To avoid potential spear-phishing schemes, users should launch their browser and visit the entity or organization’s site directly. Another option for avoiding spear-phishing email attempts is to hover your mouse over a link. This will expose the link’s true destination, allowing the user to better determine if it is, in fact, malicious. URLs that do not properly match up with the link’s anchor text or the email’s supposed destination are likely to be malicious. However, in an attempt to better fool the user, a lot of spear-phishing attackers will try to confuse and disguise link destinations and the landing page, creating anchor text that appears to be a legitimate URL.
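The hover check described above can be automated for HTML mail. The following is an added example, not code from the original article or from Trustifi: it flags links whose visible text looks like a URL but whose real destination is a different host. The function names and the sample message are constructed for illustration, and hosts are compared by exact or subdomain match rather than with the Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anchor text that is itself a URL or bare hostname, e.g. "www.site.test/login".
URL_LIKE = re.compile(
    r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I
)

# Constructed sample body (reserved .test/.example names, documentation IP range).
SAMPLE_EMAIL = """
<p>Hi Dana, your statement is ready.</p>
<p><a href="https://www.examplebank.test/statements">https://www.examplebank.test/statements</a></p>
<p><a href="https://portal.examplebank.test/login">examplebank.test</a></p>
<p><a href="http://203.0.113.7/login">www.examplebank.test/login</a></p>
<p><a href="https://examplebank.test.account-check.example/login">https://examplebank.test/login</a></p>
<p><a href="https://news.example/offers">View this month's offers</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def displayed_host(text):
    """Hostname the anchor text claims to point at, or None if it is plain words."""
    match = URL_LIKE.match(text)
    return match.group(1).lower() if match else None


def href_host(href):
    """Hostname the link really goes to; None for non-web or malformed hrefs."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None


def same_site(a, b):
    """True if the hosts are equal or one is a subdomain of the other.

    The comparison is on the END of the name: a destination that merely
    starts with the displayed name is still a different site.
    """
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def find_mismatched_links(html):
    """Return (visible text, href) for links whose text names another host."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    flagged = []
    for href, text in collector.links:
        shown, actual = displayed_host(text), href_host(href)
        if shown and actual and not same_site(shown, actual):
            flagged.append((text, href))
    return flagged


if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE_EMAIL):
        print(f"MISMATCH: shows {text!r} but goes to {href!r}")
```

Links whose text is ordinary wording ("View this month's offers") are not judged by this check, since there is no displayed URL to compare against.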

Use Your Best Judgement When Opening Emails

Users should always trust their instincts and logic when opening emails. An email that appears to be sent by a “friend” that requests a user’s personal information or credentials should be approached carefully. Users are advised to double-check that the email address the sender has used is one that their friend has used previously. Additionally, actual businesses would never send an email requesting an individual’s username and password. In either of these scenarios, the user should contact the friend or organization in question directly -- offline. Another option would be to visit the business’s official website to verify whether or not they were the entity that truly attempted to make contact.

Put a Data Protection Program Into Action

Cyber criminals can target your employees, gain network access to your company, and leak trade secrets. Organizations are highly encouraged to put a data protection program into action to help all employees to best avoid potential spear-phishing attacks, business email compromise, as well as other common online attacks such as a whaling attack. To best prevent data loss from such attacks, a data protection program would integrate user education regarding recommended data security procedures along with a robust data protection solution and cyber security awareness training. Business entities can greatly benefit from installing data loss prevention software, like that provided by Trustifi -- the easiest, most comprehensive email security solution on the market -- to adequately protect their valuable data from unapproved access, misuse, and departure. Trustifi integrates with the most common business tools such as G-Suite and Office 365. Such software would offer companies protection in the event that an employee is fooled by a spear-phishing attack.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Spotting and Protecting Against Malware: Adware and Malvertising

June 12, 2020

3:00-4:00AM PST

The type of malware most commonly on the minds of tech-using individuals around the world is the computer virus; however, there are several variations of malware that can plague your device, network, server, etc. at any given time. Although the average user is highly unlikely to encounter elite hackers that unleash the utmost technically-advanced malicious attacks, “run-of-the-mill, profit-generating malware, on the other hand, is rampant.” For this reason, it is imperative to understand the characteristics of numerous kinds of malware so that you might be able to avoid data theft and destruction that might be left in their wake.

What is Adware?

Adware very well may be the variation of malware that the average user is most likely to face. To put it simply, adware is a type of malicious software that illegally slips into a user’s browsers and apps for the purpose of generating phony profits. Adware is quite similar to the pop-up ads of the past. However, while adware is a particular piece of software that operates on a device, pop-up ads consist of rogue web scripts that project ads onto a user’s device. And cyber-scammers have begun to utilize the nature of the widely held advertising revenue model to their advantage. By creating and putting more illegitimate ads onto the Internet, a larger quantity of eyeballs become likely to view such advertisements, which results in greater revenue placed in the pockets of these scammers. Although these ads were often obvious, conspicuous, and clumsy at their inception, most have evolved into more indistinguishable, refined, and stealthy versions of themselves over time.

 

Unfortunately, smartphones have become a near-perfect launching pad for the release of adware. This is due to the fact that scammers can disperse adware-tainted apps to smartphones via third-party app stores available to Android users. Moreover, these cyber-scammers can even leverage highly trusted app stores like the Google Play Store and Apple’s App Store by utilizing them to disseminate apps that are contaminated with adware. In doing so, such apps have the potential to land in the hands of millions of smartphone owners. These apps can distribute disingenuous ads onto these devices which either operate in the background or out in the open for the device owner to see. This is what separates adware from other forms of malware. Without needing to carry out intricate cyber attacks, or even attempting to steal money from device owners, adware sneaks onto a device and causes mere inconvenience or slowed operating speed for the user. In doing so, the scammer behind the adware hopes to accumulate advertising revenue. And more often than not, adware supplies scammers with the greatest opportunity to generate profits. However, it is important to keep in mind that although adware may not pose an immediate danger to users, this type of malware effectively creates opportunities for future malicious activities that can put user data, networks, devices, etc. in jeopardy. Furthermore, it is not impossible for adware and other malicious software to be transmitted as a package deal, foretelling subsequent grave attacks.

Users can make an active effort to avoid adware by exclusively utilizing official app stores and downloading credible applications. Additionally, users should rid their phones of applications that they do not often use, as well as applications that regularly experience glitches or that are ad-heavy. Overall, since adware is the type of malicious software that smartphone users are most likely to run into, users should keep a consistent and vigilant eye out for it.

What is Malvertising?

An incredibly tough problem to address, malvertising is a type of malware that users often find most difficult to wrap their heads around entirely. Malvertising is the propagation of malicious code that lives within online advertisements, waiting for just the right moment to contaminate the device of an unknowing user. Malvertising has found success, in part, due to users’ seemingly unshaken trust in mainstream websites such as YouTube and Reuters. Individuals visiting these sites often do so with peace of mind founded in the credibility associated with such platforms, but malicious actors are taking advantage of this confidence in order to infect user devices, networks, etc. -- sometimes without a single click of a button -- via third-party content that typically goes unnoticed by the user. It isn’t enough to steer clear of sketchy websites because “mainstream, high-trafficked Web sites today outsource the ad content on their pages to a vast array of third-party ad networks, including household names like Google (DoubleClick) to start-up providers and others well under the radar.” When users utilize these mainstream sites, their device -- unbeknownst to most -- is, in fact, making connections with several additional URLs. The main purpose of this is to boost convenience and efficiency on the web, offering features like video files and more in-depth web interactions. However, this effectively opens the doors to malvertising attempts, rendering the credibility of sites almost entirely inconsequential. In fact, malvertising is oftentimes dependent on this credibility, as it makes it easier to attract unsuspecting users to other contaminated domain addresses.

Moreover, malicious attackers leveraging malvertising greatly benefit from their easily maintained anonymity. This is typically due to the fact that the operators of the sites that ultimately serve these harmful advertisements entirely lack visibility of such ads. To top it off, ads rotate from site to site at rapid speeds and can even be purchased with stolen credentials and assets, making it increasingly difficult to identify the malicious actor in question. And much of the success of malvertising is thanks to the preexisting nature of the modern advertising industry. The modern ad model only makes it easier for malicious actors to weaponize frequent user behavior, as it enables these cyber attackers to benefit from the profiling and targeting that is already in place -- all while they remain anonymous. And it doesn’t look like malvertising is going to lose its popularity any time soon. Malvertising is an incredibly lucrative form of malicious activity that is bolstered by the credibility and reputation of mainstream sites, and that, unfortunately, cannot be anticipated and is terribly tough to avoid without the mobilization of antivirus tools.

References

Newman, Lily Hay. “Here's the Malware You Should Actually Worry About.” Wired, Conde Nast, 21 July 2019, www.wired.com/story/adware-most-common-malware/.

Rahul Kashyap, Bromium. “Why Malvertising Is Cybercriminals' Latest Sweet Spot.” Wired, Conde Nast, 7 Aug. 2015, www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/.

Viruses vs Worms

June 05, 2020

2:00-3:00AM PST

In order to properly thwart malware, it is essential to understand the various classifications of malware that one may encounter at some point. As intrusive software created with the goal of causing damage and destruction to a slew of devices, malware comes in numerous forms -- all bringing along their own problems to be addressed in varying degrees. According to PCWorld, a PC plagued by malware might exhibit symptoms that include, but are not limited to, “slower-than-usual performance, a sudden spate of pop-ups, and other anomalous issues.” However, of all of the shapes that malware can take, two are commonly confused for one another: viruses and worms. User data is precious and incredibly valuable. By creating awareness and boosting overall knowledge regarding these two different kinds of malware, we aim to help users to spot them more easily, in turn equipping them to avoid catastrophic data or IT information loss.

What is a Virus?

Although most appearances of malware are commonly assumed to be viruses, this is not an accurate categorization. As technology, and as a result, cybersecurity threat tools, have evolved and advanced, occurrences of computer viruses have become rather sparse. Today, viruses account for a mere 10% of overall malware appearances. A subcategory of malware, a computer virus is a malicious software linked to a file or document, enabling the execution of destructive code that can spread from network to network. It is crucial to note that nearly every virus is enabled as a result of its attachment to an executable file. So, following download, a virus will remain inactive until opened and in operation. In other words, when a user executes such a file, the user -- in effect -- executes the virus themselves. This malicious software is designed with the goal of bringing destruction and interference upon a system’s operations. Consequently, viruses can trigger major, catastrophic data loss and operational complications.

Despite major technological improvements made over the course of the past few decades, a virus is surprisingly still the only type of malware that can infect other files, making viruses incredibly difficult to eradicate. Following this spread of infection, the virus can then transfer itself to documents, files, code, etc. located on additional devices via memory-storage devices, online systems, and networks -- often multiplying until data is obliterated or program code becomes debilitated entirely. Moreover, viruses can vary greatly in their severity, with damages ranging from benign humor to immediate and total system ruin. And individuals who encounter the latter may find their valuable data permanently compromised.

What is a Worm?

Similarly, a worm manifests itself as malicious software that quickly multiplies and disseminates to any, and sometimes all devices operating within the network. Differentiating themselves from viruses, worms are traditionally independent software and do not require a host program in order to circulate. In fact, absolutely no human action is needed for a worm to multiply and disperse across a number of networks, wreaking havoc. Following the infection of a device through a network connection or downloaded file, worms aggressively reproduce and spread. Easily distributing themselves across systems, worms can either take advantage of a vulnerability on a target network or weaponize a form of social engineering in order to deceive users into carrying them out. Furthermore, a worm is able to freely traverse a system by either entering a device via a fragile point or by taking advantage of file or information transport features on a device. 

According to Encyclopedia Britannica, the first worm was released onto the Internet in November 1988 from MIT, by “a computer science student at Cornell University named Robert Morris” who hoped to maintain anonymity as a guest on campus. The birth of the computer worm was rather harmless, aside from forcing nearly 1/10 of the Internet to cease operations briefly. But as time passed and technology continued to flourish, worms became a tool for cybercriminals. And very much like viruses, worms can significantly disrupt a device’s operations, bringing about disastrous levels of data loss. Self-replicating and easily dispersed, highly evolved worms can leverage other forms of malware, like ransomware, to bring about particularly harsh attacks on their targets. Worms are frequently key elements of cybersecurity attacks, with attackers utilizing their functions to produce zombie computers that become firmly linked in botnets, all with the purpose of dispersing spam or flooding web sites with blackmail schemes and other methods of denial-of-service attacks.

How Should Malware Be Addressed?

There is no one surefire method to discern whether or not a device has been plagued with malicious code. As previously mentioned, some infections that may plague devices have the potential to completely obliterate files and ultimately shut down the device. On the other hand, some infections may only mildly impair a device’s typical operations, making it immensely difficult to locate the exact root cause of malware. Individuals are advised to keep an eye out for any abnormal and peculiar device behavior. However, anti-virus software can provide users with alerts of any malicious software that has made its way onto a given device or network. And oftentimes, this anti-virus software may be able to rid a device of malicious actors all on its own. But it is crucial to keep anti-virus software as updated as possible. Cyberattackers are constantly evolving their code and tactics in an effort to successfully debilitate victims’ devices. Malware can be costly to a user’s wallet, time, and valuable data. Strengthening a device or network’s defenses against malicious code can help to avoid any malware-induced damages. Keeping software up to date, regularly changing passwords, installing and enabling a firewall, and following good network security practices are the key to protecting devices against malware in all its forms.

Utilizing an email encryption service like Trustifi that empowers users with the tools and protection necessary to avoid several kinds of malware is strongly advised. Trustifi’s advanced threat protection services serve to detect, prevent, and protect against malware while supplying clients with consistent alerts of any cybersecurity vulnerabilities or malicious actors within their network.

References

The Editors of Encyclopaedia Britannica. “Computer Worm.” Encyclopædia Britannica, Encyclopædia Britannica, Inc., 10 Nov. 2017, www.britannica.com/technology/computer-worm.

Geier, Eric, and Josh Norem. “How to Remove Malware from Your Windows PC.” PCWorld, PCWorld, 6 May 2019, www.pcworld.com/article/243818/how-to-remove-malware-from-your-windows-pc.html.

Expensive—and Preventable—Data Breach Hits Altice

March 11, 2020

10:00-11:00AM PST

Another major company has announced that it has fallen victim to a major data breach. Alarmingly, it was internet service, phone and cable provider Altice USA that was the data breach target through an attack executed via an extremely common malicious email technique.

Criminals used a phishing email that was sent to an Altice employee in Long Island, New York. When the employee clicked on a link, it gave thieves access that enabled them to download the Social Security numbers, birth dates and other personal information of all 12,000 current employees, as well as a number of former employees and customers across the 21 states it serves.

Data Breaches through Phishing Emails

What makes this data breach alarming is that phishing email attacks—like the one that was used to initiate this break-in and theft—are exceedingly common. The average U.S. employee gets 16 malicious emails a month. Without training and software that protects email, it is only a matter of time before one of those emails wreaks havoc.

Such data breach attacks are exceedingly costly:

  • Altice had to hire a computer forensics company to figure out what happened and determine the extent of the damage.
  • It has paid to train employees on how to better recognize a malicious email and what to do with suspect email.
  • The company must cover the cost of credit monitoring services for everyone compromised.
  • As a New York company, Altice is subject to the new SHIELD Act that imposes fines and other legal obligations.

And it doesn’t stop there. Add in the damage to the brand, and you have a major loss; one that was extremely preventable.

Phishing Email Data Breaches Are Preventable

Phishing email attacks that initiate data breaches are indeed preventable. Solutions are available that scan inbound email traffic in real time. These solutions compare incoming emails against blacklisted entities, scrape and analyze the emails for malicious links and attachments, quarantine suspected emails, and then detonate them in protected spaces not connected to networks where they can do no harm. The most sophisticated systems use machine learning to enhance threat detection.

Because phishing, spoofing, malware, and other threats require human participation, the best systems provide warnings as to the presence and nature of threats. Training on how to recognize and respond to malicious email attacks is a vital part of protecting systems, data, employees and customers.

Also Protect What You Send

Criminals are looking to break into the emails you send, too. Your outgoing email traffic is equally at risk for data breaches as the email your company receives. Solutions that encrypt outgoing mail, even on mobile devices, provide a needed layer of security.

As we were wrapping up this article late this afternoon, it was announced that Altice is now the subject of a class action lawsuit. The suit filed today is likely the first of many for Altice following this data breach. Unfortunately for Altice, the costs keep mounting—all from a data breach initiated through email that was preventable with a small investment in software and training.
