itechfy
No Result
View All Result
  • Marketing
  • Tech
  • Business
  • Web Design
  • Health
  • More…
    • Automotive
    • Career
    • Economy
    • Education
    • Entertainment
    • Environment
    • Family
    • Finance
    • Fitness
    • Food
    • General
    • Home
    • Legal
    • Lifestyle
    • Music
    • Pets
    • Photography
    • Real Estate
    • Shopping
    • Travel
Contact us
itechfy
  • Marketing
  • Tech
  • Business
  • Web Design
  • Health
  • More…
    • Automotive
    • Career
    • Economy
    • Education
    • Entertainment
    • Environment
    • Family
    • Finance
    • Fitness
    • Food
    • General
    • Home
    • Legal
    • Lifestyle
    • Music
    • Pets
    • Photography
    • Real Estate
    • Shopping
    • Travel
Contact us
itechfy
No Result
View All Result

Don’t Fall for the Bait  – Michael Pertuit

Don’t Fall for the Bait  – Michael Pertuit
Share on FacebookShare on Twitter

Don’t Fall for the Bait  – Michael Pertuit

How many times have you received an email that looks to be from a legitimate source or a government entity notifying you of long-forgotten money awaiting you or some pending legal action?

The line between legitimate emails and fake emails is getting blurred. Scammers and malicious actors are continuously finding ways to improve their fake email campaigns (called phishing) in an attempt to monetize their efforts…and they are often successful.

Phishing is a big business. According to a study from the Ponemin Institue on behalf of Proofpoint (https://www.proofpoint.com/us/resources/analyst-reports/ponemon-cost-of-phishing-study), the monetary cost of phishing attacks has risen 4-fold in the past 6 years with the average cost in the United States reaching $14.8 million in 2021 compared to $3.8 million in 2015.

What are some different phishing attacks?

1. Phishing attacks that demand immediate action

These attacks traditionally have been via email, but are now evolving to be also delivered via text (smishing) or via telephone (vishing). Here the malicious actor is requiring you to take immediate action to avoid some repercussions.

It could be someone who poses as a government authority or an alert from your financial institution notifying you of fraudulent activity. In any instance, the hope is for the victim to click on a link that directs the victim to a website that is controlled by the malicious actor in order to either capture sensitive information like banking details or request payment, typically via gift cards.

2. Phishing attacks that offer “services”

These attacks are straightforward; the malicious actor contacts the victim and poses to offer some sort of “legitimate” service. I have seen examples where a victim navigates to a fraudulent website and then receives a pop-up indicating that there is a virus or other issue with their computer.

They are then directed to a company for remediation. In actuality, there is no company doing remediation and the individual that they are contacting is going to remediate something that wasn’t there, to begin with and request payment or try to trick the victim into allowing the malicious actor access to their computer where they will exfiltrate data and extort the victim into paying to prevent their data from being leaked.

3. Phishing attacks that pretend to be sent from someone else

These attacks are usually targeted and prey on the human instinct to trust but not verify. The malicious actor pretends to be someone that the victim may know. The malicious actor will usually do some sort of reconnaissance via social media accounts to get background information on the victim.

They will then craft an attack that makes the victim believe that it is someone that they know. Once a level of trust is established, then the malicious actor will try to get information or payment from the victim.

4. Phishing attacks that contain a malicious payload

These attacks leverage the above mechanism with the same end goal: monetize the attack. However, the means to monetization is via a payment from ransomware, a payment from extortionware, or gaining sensitive financial information.

The key difference in these types of attacks is that the malicious actor wants to get the victim to open an attachment that will launch malware into an environment in the hopes of deploying a successful ransomware campaign, data exfiltration campaign, or a campaign to capture sensitive financial data.

Related Posts

Unlocking Global Communication with Machine Translation Post-Editing (MTPE)
General

Unlocking Global Communication with Machine Translation Post-Editing (MTPE)

Unlocking the Fountain of Youth: NMN Supplement and Its Potential Benefits
General

Unlocking the Fountain of Youth: NMN Supplement and Its Potential Benefits

The Sweet World of Wholesale: A Comprehensive Guide to Wholesale Sweets
General

The Sweet World of Wholesale: A Comprehensive Guide to Wholesale Sweets

Unlocking Global Communication with Machine Translation Post-Editing (MTPE)
General

Unlocking Global Communication with Machine Translation Post-Editing (MTPE)

In an increasingly globalized world, businesses are expanding their horizons by venturing into international markets. To foster seamless communication and...

Read more
From NLP to Wireless: The Expanding Horizons of Machine Learning Applications

From NLP to Wireless: The Expanding Horizons of Machine Learning Applications

Understanding Family-Based Immigration: Immediate Relatives vs. Preference Categories

Understanding Family-Based Immigration: Immediate Relatives vs. Preference Categories

Unlocking the Fountain of Youth: NMN Supplement and Its Potential Benefits

Unlocking the Fountain of Youth: NMN Supplement and Its Potential Benefits

Exploring All-Terrain Robots: Challenges and Advancements

Exploring All-Terrain Robots: Challenges and Advancements

Are you looking for ways to earn money on Cashout Fridays
game

Are you looking for ways to earn money on Cashout Fridays

Samsung’s Marketing Strategy
Marketing

6 Lessons to Learn from Samsung’s Marketing Strategy

Auto-Run Python Program on Raspberry Pi Startup
Tech

Auto-Run Python Program on Raspberry Pi Startup

Don’t Fall for the Bait  – Michael Pertuit
General

Don’t Fall for the Bait  – Michael Pertuit

6 easy ways to convince investors to invest in your startup
Business

6 easy ways to convince investors to invest in your startup

No Result
View All Result
  • Automotive
  • Business
  • Career
  • Economy
  • Education
  • Entertainment
  • Environment
  • Family
  • Finance
  • Fitness
  • Food
  • General
  • Health
  • Home
  • Legal
  • Lifestyle
  • Marketing
  • Music
  • Pets
  • Photography
  • Real Estate
  • Shopping
  • Tech
  • Travel
  • Web Design