What many people don’t realize is that consumers are giving cybercriminals everything they
need to launch very successful and sophisticated attacks. Uneducated consumer use of social
networking sites is feeding the phishing problem. Here are some examples of risky behaviors
that enable phishers to create increasingly effective attacks.
First and foremost, everyone is oversharing information. This gives new meaning to the phrase
“TMI” (too much information). We are sharing too much information on social networking sites,
everything from our birthdays and anniversaries to our kids’ names, our friends’ names, our
employers, and our co-workers and their names. All of this information can be used to create very
targeted and believable phishing attacks.
In addition to the oversharing, there are other risky behaviors in social media.
39% of users don’t log out after each session
25% share their passwords
31% connect with people they don’t know [8]
As a result, 15% of social media users have had their profile hacked and impersonated. On the
surface, 15% of social media users being compromised doesn’t seem like many. But consider
that right now there are 1.4 billion people on Facebook alone. That equates to 210 million people
who have had their profile hacked and impersonated and who have given phishers great
information to form targeted attacks on a large percentage of the population.
Here are some of the more sophisticated attacks that phishers have been using successfully.
Recent Sophisticated Attacks
Recent phishing attacks are not the “easy-to-spot
Nigerian Prince” attacks. These attacks are well
disguised and require an educated computer user to
identify them. What both of these phishing attacks have
in common is that they use common tools, Google
Docs and text messages, to catch “victims” by surprise.
A Google Docs phishing attack used an email with the
subject line of “Documents” and had content urging the
recipient to open a document via an embedded URL.
The link looks like a pretty legitimate link because it is
pointing to a Google page hosted on Google servers.
Unfortunately, the login form, shown here, was a fake
Google login and enabled the criminals to collect the
Google credentials for every person who attempted to log in to access the document.
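
The check below is an added example, not part of the original article: it shows how a mail or web filter could flag the pattern described above, where a password form sits on a Google-hosted page that is not Google's sign-in service. The host `accounts.google.com` as the only genuine sign-in host is an assumption of this example, and the sample URL, the `collector.example` host and the HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption (not from the article): genuine Google sign-in forms come from this host.
SIGN_IN_HOSTS = {"accounts.google.com"}

class _FormScan(HTMLParser):
    """Collect each <form> action and whether the form contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []      # each entry: [action, has_password]
        self._open = None    # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [a.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def credential_form_findings(page_url, html):
    """Return reasons a page's password form is suspicious; empty list if none."""
    page_host = (urlparse(page_url).hostname or "").lower()
    scan = _FormScan()
    scan.feed(html)
    findings = []
    for action, has_password in scan.forms:
        if not has_password:
            continue
        # Resolve relative actions against the page URL to find the real destination.
        post_host = (urlparse(urljoin(page_url, action)).hostname or "").lower()
        if page_host not in SIGN_IN_HOSTS:
            findings.append(f"password form served from {page_host}, not a sign-in host")
        if post_host not in SIGN_IN_HOSTS:
            findings.append(f"credentials post to {post_host}")
    return findings

# Constructed sample: a page on a Google host whose login form posts elsewhere.
SAMPLE_URL = "https://docs.google.com/shared/doc-view"
SAMPLE_HTML = """<html><body><form action="https://collector.example/save" method="post">
<input type="text" name="Email"><input type="password" name="Passwd">
<input type="submit" value="Sign in"></form></body></html>"""

if __name__ == "__main__":
    for finding in credential_form_findings(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

The point for defenders is that the domain in the address bar is not enough: the check looks at which host serves the password field and which host receives it.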
63 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide