J. L.

Have You Heard About Phishing?

It’s a beautiful day outside. The sun is shining, birds are singing, and leaves rustle when touched by a warm summer breeze. This day is a perfect one for father-son bonding time.

The father wakes up the son. They eat a healthy breakfast and laugh at silly jokes they make while eating. The day feels perfect! This day is for father-son time.

“It’s time, son. Let’s go phishing.”

Phishing is not fishing, but they have similarities

I really hope that this kind of perfect family moment doesn’t exist in a cybercriminal world.

When I heard the term “phishing”, I thought it was something related to fishing — which, in a way, it is.

Phishing is a social engineering attack that aims to steal your identity, steal your money, or get you to reveal personal information (e.g., bank information, credentials). Phishing emails are sent in bulk, and then the cybercriminal waits for someone to take the bait.

Sorry to shatter the mental image. It probably doesn’t involve a great day by the lake with your family.

The term “phishing” can be mixed up with “smishing” and “vishing.” There are differences between these types of attacks:

  • Smishing is done via SMS.
  • Vishing is done via phone, voicemail, or VoIP.
  • Phishing is done via email.

There’s also the concept of “spear-phishing,” which I’ll go over later in the article.

How do I recognize a phishing email?

At first, a phishing email can look like a valid email. But when you take the time to inspect it, you can detect things that are not quite right.

You should be careful if:

  • The email contains a “call to action” link or other clickable link. There is a chance that this link is malicious and leads to a site that is just a copy of the real one. These sites are typically used to steal your credentials or bank information.
  • The email contains an attachment file. This attachment file can be malicious. Only open files that you are expecting to see within the email.
  • Bad grammar. This is a no-brainer: if an email is full of spelling errors, it probably is not legit.
  • The email has the “Dear Sir” or “Dear Madam” greeting on it.
  • The sender's address is incorrect. The message can say that it’s a message from Microsoft, but if the sender's address is [email protected], it is fake.
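
The checks above, sketched as an added Python example (not code from the original article): it flags a sender whose display name claims a brand its address does not belong to, a “Dear Sir/Madam” greeting, an attachment, and a link whose visible text names a different host than its target. The brand-to-domain table and the sample message are assumptions constructed for illustration; spelling quality is not checked.

```python
import re
from email import message_from_string, utils
from urllib.parse import urlparse

# Assumption for this example: the domains each impersonated brand really uses.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_in(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(raw):
    msg, findings = message_from_string(raw), []
    display, addr = utils.parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    # Sender check: display name claims a brand the address does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not host_in(sender_host, domains):
            findings.append("sender-mismatch")
    for part in msg.walk():
        if part.get_filename():
            findings.append("attachment")
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if re.search(r"\bdear\s+(sir|madam)\b", body, re.I):
                findings.append("generic-greeting")
            # Link check: visible text shows one host, href leads to another.
            for href, text in LINK.findall(body):
                shown, target = HOST.search(text), urlparse(href).hostname or ""
                if shown and not host_in(target, {shown.group(1).lower()}):
                    findings.append("link-mismatch")
    return findings

# Constructed sample message, not a real email; the .example hosts are made up.
SAMPLE = """\
From: "Microsoft Support" <help@account-alerts.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Dear Sir,</p>
<p>Sign in: <a href="http://login.verify.example/">www.microsoft.com</a></p>
--b1
Content-Disposition: attachment; filename="invoice.zip"

--b1--
"""
```

Calling phishing_indicators(SAMPLE) returns all four findings; each one is a reason to look closer before clicking, not proof on its own.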

But what exactly is spear-phishing?

Spear-phishing is a more targeted form of phishing. With spear-phishing, the cybercriminal has a specific target within an organization. It involves more personalized messages to the victim.

Phishing is a real problem

It’s a sad truth that people fall for these kinds of attacks all the time. People are victims of this type of attack due to their haste, emotions, and lack of education.

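Here are three example cases where phishing was successful:

  • Colonial Pipeline (2021): https://www.nytimes.com/2021/05/14/us/politics/pipeline-hack.html
  • Google and Facebook phishing scams (2013–2015): https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html
  • Sony (2014): https://www.theguardian.com/us-news/2014/dec/19/north-korea-responsible-sony-hack-us-official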

Those cases involve big corporations, but there are a lot more of these kinds of cases in the world, and not all of the victims are corporations.

Related to this topic, I was listening to a Finnish podcast named “Herrasmieshakkerit”, and they mentioned this song about ransomware by Wasabi Cloud. This song is funny but has a great message: Think before you click.

Conclusion

Phishing messages are a real problem. They are sent in bulk with the hope that someone takes the bait. Spear-phishing messages are more tailored for the victim.

You can recognize a scam if you take the time to analyze your email.

If there is something I want you to remember from this article, it is the message from Wasabi Cloud’s song: “Think before you click.”
