Saturday, September 25, 2010

Spear-phishing

Suppose you work in a multinational corporation. You receive an email, which appears to be sent by the network administrator. Your username and password are requested, or maybe you are asked to click on a link, which you do.

In many instances, that email did not actually come from the network administrator. Such cases fall within the concept of spear-phishing, a type of phishing attack that is specifically targeted at an organization, in a ploy to extract confidential data, financial details, logon information, or intellectual property, or to steal usernames and passwords from systems or networks.[1] Whereas traditional phishing scams are designed to steal information from individuals, spear-phishing scams work to gain access to a company's entire computer system.[2]

People are fooled by these tactics because the source of the electronic communication appears to be one known and trusted by the recipient, the information contained in the message appears legitimate, and a logical basis seems to support the request for such information. The repercussions of this unauthorized access, however, are serious. Only one person needs to fall for the ploy to make system-wide infiltration possible. If an employee of a corporation takes the bait, for example, the spear-phisher will be able to pose as that individual and therefore gain access to confidential corporate data. Even worse, if spear-phishing is directed at military and government employees, state secrets could be revealed and national security could be at risk.

Several things may be done to keep us from falling prey to such scams. One is to avoid posting personal information on blogs or social networking sites. Spam filters must also be configured on their strictest settings. Anti-virus software, operating systems and internet browsers must likewise be updated to the latest versions. There is also a way to confirm the validity of what appears to be a legitimate email from a certain institution. When most organizations send an email to personal accounts, they also send one to the person's account message box on their website. Thus, logging on to your account through the organization's official website and checking the email from there is advisable. Lastly, as a rule of thumb, suspicious links must never be clicked; neither must personal information be sent through email.[3]
