Phishing emails

Comments are off
Like
Marcelo Orlandi
Phishing emails

Are you aware of phishing emails? Phishing emails are emails which send with the purpose of obtaining sensitive information such as passwords, username, date of birth, or even credit card details.

They are normally sent as spam to thousands of users. If the email looks legitimate they will get a high hit ratio from end users.

Another type of attack is spear-phishing emails. This type of emails is more targeted specifically to some roles such as CEO, CFO, HHRR or companies in order to get specific information and even money. Normally before this type of attack there exist a reconnaissance stage in order to get information about the target through social engineer and the use of social media.

Another variation, called whaling attack, is used to perpetuate what is known as CEP fraud or business email compromise (BEC). The purpose of these highly targeted attacks is to extract money via wire transfer or get access to highly sensitive data. BEC victims have increased by 1,300% between 2015 and 2016 alone and this type of attack was mainly used for wire transfer.

Access to any of these tools are very easy as a phishing campaign can cost as little as $2-$10 on the black market. These kits are easily customizable and do not require any specific skills to use.

Keep an eye on those unusual emails.

Until the next Monday Malware. Be safe out there.