Your digital footprints could help hackers infiltrate computer networks
Following footprints to better bait
Phishing attacks havedoubled from early 2020. The success of phishing attacks depends on how authentic the contents of messages appear to the recipient. All phishing attacks require certain information about the targeted people, and this information can be obtained from their digital footprints.
Hackers can use freely availableopen source intelligencegathering tools to discover the digital footprints of their targets. An attacker can mine a target’s digital footprints, which can include audio and video, to extract information such as contacts, relationships, profession, career, likes, dislikes, interests, hobbies, travel and frequented locations.
They can then use this information tocraft phishing messagesthat appear more like legitimate messages coming from a trusted source. The attacker can deliver these personalized messages,spear phishing emails, to the victim or compose as the victim and target the victim’s colleagues, friends and family. Spear phishing attacks can fool even those who are trained to recognize phishing attacks.
One of the most successful forms of phishing attacks has beenbusiness email compromiseattacks. In these attacks, the attackers pose as people with legitimate business relationships – colleagues, vendors and customers – to initiate fraudulent financial transactions.
A good example is the attack targeting the firmUbiquity Networks Inc. in 2015. The attacker sent emails, which looked like they were coming from top executives to employees. The email requested the employees to make wire transfers, resulting in fraudulent transfers of $46.7 million.
Access to the computer of a victim of a phishing attack can give the attacker access to networks and systems of the victim’s employer and clients. For instance, one of the employees at retailer Target’s HVAC vendorfell victim to phishing attack. The attackers used his workstation to gain access to Target’s internal network, and then to their payment network. The attackers used the opportunity to infect point-of-sale systems used by Target and steal data on 70 million credit cards.
A big problem and what to do about it
Computer security companyTrend Microfound that 91% of attacks in which the attackersgained undetected access to networksand used that access over time started with phishing messages.Verizon’s Data Breach Investigations Reportfound that 25% of all data breach incidents involved phishing.
Given the significant role played by phishing in cyberattacks, I believe it’s important for organizations to educate their employees and members about managing their digital footprints. This training should cover how tofind the extent of your digital footprints, how tobrowse securelyand how touse social media responsibly.
[Over 150,000 readers rely on The Conversation’s newsletters to understand the world.Sign up today.]
This article byRavi Sen, Associate Professor of Information and Operations Management,Texas A&M University, is republished fromThe Conversationunder a Creative Commons license. Read theoriginal article.
Story byThe Conversation
An independent news and commentary website produced by academics and journalists.An independent news and commentary website produced by academics and journalists.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
