One prime phishing example is this fake PayPal security notice that warns potential marks of “unusual log-in activity” on their accounts:

While hovering over the links would be a dead giveaway that this is a phishing email, enough targeted users click without thinking and scams like this continue.
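The check a hovering reader performs, done by machine over an HTML e-mail body, as an added example that is not from the article. It parses every anchor and flags those whose visible text names one domain while the href points somewhere else or at a bare IP address; the sample message and every hostname in it are constructed.

```python
# Added example: the "hover over the link" check automated. Sample e-mail is constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EMAIL = """
<p>We noticed unusual log-in activity on your account.</p>
<p>Please <a href="http://203.0.113.10/verify">verify your account</a> at
<a href="https://secure-login.example.net/pp">https://www.paypal.com/signin</a>.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">www.paypal.com/help</a>.</p>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    """Last two labels of a hostname; a real tool would use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def host_from_text(text):
    """If the visible link text itself looks like a URL or hostname, return its host."""
    m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#].*)?$", text, re.I)
    return m.group(1) if m else None

def suspicious_links(html):
    """Return (href, text, reason) for each link a hovering reader would distrust."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = urlparse(href).hostname or ""
        shown = host_from_text(text)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target):
            findings.append((href, text, "href points at a bare IP address"))
        elif shown and registrable_domain(shown) != registrable_domain(target):
            findings.append((href, text, f"text shows {shown} but href goes to {target}"))
    return findings
```

Running `suspicious_links(SAMPLE_EMAIL)` flags the first two anchors and passes the third, whose text and href agree.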

Spear Phishing – In a spear phishing attack, the bad guys use a deep knowledge of the potential victims to target them, which allows them to tailor the attack. These emails are more convincing and harder to detect than regular phishing emails, since the attacker knows exactly who and what they’re targeting. Unlike mass phishing emails, which may be attempting to distribute ransomware or gather individual login credentials to make a quick buck, spear phishers are normally after confidential information or business secrets.

Pretexting – An invented scenario is used to engage a potential victim to try and increase the chance that the victim will bite. It’s a false motive usually involving some real knowledge of the victim (e.g. date of birth, Social Security number, etc.) in an attempt to get even more information. One common method is when they call a victim and say they are doing a survey. The pretexter asks a few questions that seem legitimate. Next, they solicit more personal information from their would-be victims. This sensitive data is then used by scammers to steal the victim’s identity.

Whaling – This is another evolution of phishing attacks that uses sophisticated social engineering techniques to steal confidential information, personal data, access credentials to restricted services/resources, and information of economic and commercial value. What distinguishes this category of phishing from others is the choice of targets: executives of private businesses. The email is designed to masquerade as a critical business email sent from a legitimate authority. Typically, the content of the message is designed for upper management and reports some kind of fake company-wide concern or highly confidential information.

Watering Hole – This technique takes advantage of websites people regularly visit and trust. The attacker gathers information about a targeted group of individuals to find out what those websites are, then tests those websites for vulnerabilities. Over time, one or more members of the targeted group will get infected, giving the attacker access to the secure system.

Baiting – Baiting means dangling something in front of a victim so they will take action. It can be through a peer-to-peer or social networking site in the form of a movie download, or it can be a USB drive left out in a public place for the victim to find. Once the device is used or the malicious file is downloaded, the victim’s computer is infected, allowing the criminal to take over the network.

Quid Pro Quo – Latin for ‘something for something,’ in this case it’s a benefit to the victim in exchange for information. A good example is hackers pretending to be IT support. They will call everyone they can find at a company to say they have a quick fix and “you just need to disable your AV.” Anyone who falls for it gets malware installed on their machine.

Rogue – A form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware.

Old-fashioned phone calls are also making a comeback. Some of the bad guys these days have Internet Protocol (IP) phones with caller ID numbers in your area code, which entices you to answer when they call.

10 | The Retailer Magazine | Mar/Apr
