Email Phishing Has Never Been Easier

People aren’t always who they seem on the Internet. There are thousands of Nigerian princes out there, and 60-year-old men pretending to be 20-year-old women who look like supermodels. I remember my days in the ‘90s as a teenager on IRC. I knew that kids my age were disrespected, so I pretended to be a quadragenarian woman from San Francisco.

So, phishing has been a big cybersecurity problem for a long time, becoming common as more and more homes and offices got Internet access. It’s still a big problem these days, and it might be getting worse.

Phishing is a type of social engineering attack in which attackers pretend to be trusted entities using email or websites. A classic example is an email that appears to come from the target’s bank. The email might spoof the bank’s domain in the From: address the mail client displays, and its HTML body might embed graphics that imitate the bank’s visual design.

The text body could say something like, “a hacker tried to access your online banking. Click here to change the password on your account.” Clicking the link could lead to a phishing website that imitates the bank’s login page and asks for credentials in a web form, tricking the target into voluntarily disclosing their username and password.

DMARC of Authenticity

In the good old days of the ‘80s, ‘90s and the first decade of the 21st century, spoofing a sender’s email address was often as simple as editing an email header: nothing in SMTP or the message format verified the From: field, so an attacker could replace it with whatever email address they could imagine.

Add a psychological element to the mix and an email from “auditing@irs.gov” could make a recipient really nervous, or one from “bgates@microsoft.com” could make (Read more...)
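To make the header-editing trick and its countermeasure concrete, here is an added example (written for this edit, not code from the original post): it builds a message whose From: header carries the article’s “auditing@irs.gov” lure, then runs the DMARC identifier-alignment check that a receiving mail server applies. The DNS lookups (SPF, DKIM key, the _dmarc TXT record) are replaced by constructed inputs so it runs offline; the domains attacker.example and bank.example, the DMARC policies, and the “last two labels” approximation of the Public Suffix List are all assumptions made for illustration.

```python
"""Added example, not from the original post: forge a From: header the way
the article describes, then apply the DMARC identifier-alignment check that
a receiving mail server performs on such a message.  DNS lookups (SPF, DKIM
key, the _dmarc TXT record) are replaced by constructed inputs so that this
runs offline; all domains and policies below are constructed for illustration.
"""
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr


def build_spoofed_message(from_addr, to_addr, subject, body):
    """Build an RFC 5322 message with an arbitrary From: header.

    Nothing in SMTP or the message format checks this value, which is why
    spoofing was (and, without SPF/DKIM/DMARC, still is) a matter of
    editing one header line.
    """
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_string()


def header_from_domain(raw_message):
    """Return the domain of the RFC5322.From address (what the user sees)."""
    msg = message_from_string(raw_message)
    _display_name, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def org_domain(domain):
    """Organizational domain used for DMARC relaxed alignment.

    Assumption: the Public Suffix List is approximated by 'last two labels'.
    A production implementation must consult the PSL (e.g. example.co.uk).
    """
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def aligned(header_domain, authenticated_domain, mode):
    """DMARC identifier alignment: 's' = strict (exact), 'r' = relaxed (org)."""
    if not authenticated_domain:
        return False
    if mode == "s":
        return header_domain == authenticated_domain.lower()
    return org_domain(header_domain) == org_domain(authenticated_domain)


def dmarc_verdict(raw_message, spf_result, spf_domain,
                  dkim_result, dkim_domain, policy):
    """Evaluate DMARC for one message.

    spf_result / dkim_result : 'pass' or 'fail' as the receiver computed them
    spf_domain               : RFC5321.MailFrom domain SPF was checked against
    dkim_domain              : d= tag of the DKIM signature that verified
    policy                   : parsed _dmarc record, e.g. {'p': 'reject', 'aspf': 's'}
    Returns (dmarc_result, disposition).
    """
    hdr = header_from_domain(raw_message)
    spf_ok = spf_result == "pass" and aligned(hdr, spf_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(hdr, dkim_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    # DMARC fails: the domain owner's published policy decides the fate.
    return ("fail", policy.get("p", "none"))


# Constructed sample: the article's "auditing@irs.gov" lure, sent through the
# attacker's own server, which passes SPF/DKIM only for attacker.example.
SPOOFED = build_spoofed_message(
    "IRS Auditing <auditing@irs.gov>", "victim@example.net",
    "Your account is under audit", "Log in here to dispute: http://phish.example/")

# Constructed sample: legitimate mail from a bank's outbound relay.
LEGIT = build_spoofed_message(
    "Bank Alerts <alerts@bank.example>", "victim@example.net",
    "Security notice", "A new device signed in to your account.")

if __name__ == "__main__":
    # Constructed policies; not the real records of irs.gov or any bank.
    print(dmarc_verdict(SPOOFED, "pass", "attacker.example", "pass",
                        "attacker.example", {"p": "reject"}))        # ('fail', 'reject')
    print(dmarc_verdict(LEGIT, "pass", "mail.bank.example", "fail",
                        "", {"p": "quarantine"}))                     # ('pass', 'deliver')
```

The point the example makes is that the receiver never trusts the From: header on its own. SPF and DKIM authenticate the envelope sender and the signing domain respectively, and DMARC only passes when one of those authenticated identities aligns with the domain the user actually sees. The attacker’s message authenticates perfectly for attacker.example, yet fails DMARC because that domain does not align with irs.gov, and the spoofed domain’s published policy then dictates rejection.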

This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog