Page 9 - The Bureau - Cyber Security Awareness e-book.indd
P. 9
Spear Phishing.
This is where a phishing campaign is a lot more specific and targeting a specifi c organisation
or individual. A Spear Phishing campaign may take weeks or months of background research
by the fraudsters to gather enough information to make their scam convincing enough to work.
Water-Holing.
This technique takes advantage of Websites people regularly visit and trust. The attacker will
again research the selected group of Web users to discover the sites they most regularly visit
and seem to trust and then look for the vulnerabilities on those sites to plant exploit and other
nasty code. It is then a matter of time before one or more of the target users becomes infected
with malicious code or is hacked.
Quid Pro Quo.
You give me something and I will give you something. Typically, this will again be an email
offering you a free shopping voucher, or BITCOIN sign-up screen and similar offers to encourage
the user to click to accept or enter, where upon you download exploit code and your PC is
infected. This is now happening on mobile phones.
Honeytrap.
This is usually aimed at men where attractive women are promoted via an online dating site,
or similar to trick them into clicking a malicious Web link.
Rogue Virus Scans - Scareware.
Fake or Rogue anti-virus, anti-spam and anti-spyware have become frequent arrivals in email
in-boxes in recent times, designed to trick us into downloading or running a fake scan which
again infects our PCs with malware or hack exploit code.
Conclusion.
By paying more attention to the way we use our office IT many phishing and ransom attacks
can be stopped in their tracks.