Spoofing and Phishing

Don’t be Fooled by a Spoofing Attack

Ah, the art of disguise. Ever since the Big Bad Wolf and Little Red Riding Hood (and probably earlier), one of the oldest tricks in the book is for a miscreant to pretend to be someone else - a phone or appliance repairman, a contractor, someone from the government, or even a police officer - in order to gain access to a residence or business and either steal things then and there or check out what’s there for later breaking and entering.

 


What is Spoofing?

A spoofing attack is typically carried out by email. In this attack, the hacker sends an email that appears to come from someone you or your business should trust: a long-time customer or vendor, contractor, service provider, government agency, or some other trusted entity. Sometimes, the email is disguised to look like it came from a high-ranking officer of your company; this tends to work better in large, multinational companies. Often, the email includes an attachment, and the text of the email claims that the attachment is an important document - an invoice, a contract, some other legal document, or even instructions for claiming a prize or monetary windfall of some kind. In other cases, the email contains a link to a payment site or a malicious software download.

More Prevalent Than You Think

Spoofing has been around for a long time, and it doesn’t get much attention in the popular press anymore, but it happens much more than you might think. The reason spoofing is still popular among hackers is that although it requires more legwork.

Protecting Yourself

Like all cyber attacks that rely on social engineering, the last line of defense against spoofing is the end users—and end users aren’t always as vigilant as they should be.

Be cautious with links

Do not click on web links or open PDF attachments found in unsolicited email messages.

Use unique passwords

Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen from one site and you use the same username and/or password on others, it's easy.

Safeguard sensitive data

All too often, unsuspecting people mistakenly hand over sensitive information to scammers. If you receive an unsolicited email, do not send payment or reply with personal information.

 


Most Impersonated Companies

Microsoft, Netflix, PayPal, Bank of America, Chase, DHL, Facebook, Docusign, LinkedIn, and Dropbox

 


Phishing Season is on!

Phishing cyberattacks and other social engineering exploits, such as "vishing" (voice phishing) and "smishing" (SMS/text phishing), are on the rise, according to new data from cybersecurity firm Proofpoint.

For its fifth annual State of the Phish Report, released Thursday, the cybersecurity firm polled around 15,000 information security professionals around the world about their views of the threat landscape and experiences with phishing. Almost all of them (96 percent) said the rate of phishing attacks remained the same or increased in 2018.

Eighty-three percent of respondents said they experienced phishing attacks last year, up from 76 percent who said the same in 2017. Around half (49 percent) experienced vishing and/or smishing, up from 45 percent a year earlier, and 4 percent faced USB-based social engineering attacks via infected thumb drives, up from 3 percent.

Proofpoint also found that spear-phishing attacks, which target a specific individual or organization, are becoming more prevalent. Sixty-four percent of respondents faced these highly targeted attacks last year, up from 53 percent in 2017.

About: Nomi