Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":883,"date":"2018-10-28T18:11:29","date_gmt":"2018-10-28T18:11:29","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=883"},"modified":"2019-04-17T12:52:14","modified_gmt":"2019-04-17T12:52:14","slug":"883","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2018\/10\/28\/883\/","title":{"rendered":"Phishing Isn\u2019t Always about the Benjamins"},"content":{"rendered":"

$\"money\"$ If you can step back and look at it objectively, phishing is a bit of an art form. Unlike \u2018regular\u2019 spam, which often intentionally dumbs it down to weed out intelligent people, phishing campaigns are generally well-crafted and well thought-out, and in some instances, targets are researched ahead of time so phishing attacks can be customized. The most effective phishing campaigns come in the form of emails that are virtually indistinguishable from the real thing. Phishing is arguably the most dangerous of all forms of spam, because the risk for financial loss is greater. But it can be even more dangerous to misunderstand the threat, and if you thought phishing was all about the dollars and cents, you\u2019d better think again.<\/p>\n

It\u2019s natural to focus on things like bank fraud and information theft for the gain of money when thinking about phishing. But what if phishing is more than that? Think about the recent theft<\/a> of celebrity photos from iCloud. That\u2019s a perfect example of phishing for gain other than money, and in that attack, the damage was disastrous for those affected. It affected Apple\u2019s reputation<\/a>, and reputation is money. In fact, it\u2019s opened the company\u2019s iCloud service up to other potential attacks<\/a>.<\/p>\n

It affected the celebrities whose pictures made it out into the wild, both emotionally<\/a> and financially. Lawsuits cost money. The emotional toll could affect the ability to work. And yes, we\u2019re back to talking about money, but it\u2019s not financial gain for the hackers; it\u2019s financial loss for the victims.<\/p>\n

PC Magazine recently published an interesting story that discusses the \u2018other\u2019 purpose of phishing. In Tasty Spam: Phishing Isn’t Just About Your Money<\/a>, writer Fahmida Y. Rashid points out how security firm Cloudmark reminds us that\u2019s it\u2019s not all about the Benjamins. Phishing is one of those security threats that needs to be fully understood in order to be combated. \u201cPhishing for financial details is highly lucrative but also high risk,\u201d says Rashid. As one Cloudmark expert said,”bank fraud gets more attention from law enforcement and carries higher penalties than, say, selling worthless diet pills.”\u201d<\/p>\n

There are plenty of ways to grab information and leverage it to one\u2019s advantage, and while it\u2019s tempting to think the spammers are greedy little psychos who just want to impress their hacker friends by quick financial fixes, the reality is that hackers are smarter and more patient than that. \u201cLess sensitive accounts are still valuable, since they can be used to send more spam over email, SMS, or even social networks,\u201d writes Rashid.<\/p>\n

The article provides several helpful examples of non-financial phishing attacks. In one instance, a blatant if not simplistically brilliant attack displays a splash screen with all the major email account providers, letting the user choose one instead of the hacker trying to guess which provider they\u2019re on. Then it\u2019s simply a matter of entering login credentials, and voila, the user has hacked himself.<\/p>\n

Apple is a choice target these days. \u201cApple IDs are also popular phishing targets\u2026Once stolen, these accounts may be used to send iMessage spam, or to remotely take control of iPhone and iPads. The attacker may use the “Find my iPhone” feature to remotely lock the device, and then demand the victim pay a ransom to regain control.\u201c Again, there\u2019s financial gain here, but not the kind we normally associate with phishing.<\/p>\n

And even gamers aren\u2019t safe. With a glut of MMO games out there like Star Wars: The Old Republic, The Elder Scrolls Online, and World of Warcraft, to name a few, the landscape is a target rich environment for hackers. \u201cIf you play games, keep an eye on your video game accounts. Criminals may be reselling in-game items to other players who are willing to spend real money to get these objects. Even though most modern games launch with two-factor authentication features, gaming accounts are still getting compromised. The above email tricks users into thinking they need to take attention.\u201c<\/p>\n

Craigslist is another target for phishers, where hackers will try to steal login details for email accounts. And PayPal, an old standby for hackers, is still out there as a target, but Cloudmark points out that it\u2019s not as popular with hackers as it used to be, perhaps because \u201cPayPal’s fraud detection algorithms have gotten better, more mail servers are checking for DKIM signatures (if a message doesn’t have a valid PayPal DKIM signature, then it is flagged as a forgery), or PayPal’s users are just savvier about these messages.\u201d<\/p>\n

It\u2019s a new world out there, and we need to be vigilant, every hour of every day. But remember when you\u2019re performing your threat assessments that phishing, while it may still be about the almighty buck, is also so much more.<\/p>\n","protected":false},"excerpt":{"rendered":"