Meta Intelligence - Cyber Intelligence and Security

BigEye Cyber Edition

Knowledge is power

Clicker Happy Syndrome

1/16/2017


 
As of today, 95 percent of all cyber intrusions took place because someone clicked on a link that was in an email or a text. The most publicized cyber intrusions, such as the DNC, Sony, Target, the robbery of the F-35 plans perpetrated by China, and the list goes on and on, have one single common denominator: phishing!
 
What is phishing?
It is a fraudulent way of fishing for information and the consequences stink like rotten sardines. This fraudulent practice consists of sending emails purporting to be from reputable companies or government organizations asking individuals to reveal personal information, such as passwords and credit card numbers.
The emails most often look very legitimate. The photo below shows a phishing email that the customers of the National Australia Bank received. The bank lost $1.8 million before they realized the scam was going around. 
[Image: phishing email received by customers of the National Australia Bank]
Who can get phished?
Everybody can get phished. The goal is to obtain information that can be used to access intellectual property, bank accounts, credit cards, medical records... anything that can be sold on the black market.
There is a false belief that only important people get phished. Nope. You could be the newest employee hired to watch people go in and out of the building. If the crook can access your personal information and from there crawl his/her way to the most protected data in the company or government organization, then you are a good candidate to be a phishing target.
In Dec 2016, Ben DiPietro, writing for the Wall Street Journal, reported on a survey conducted by the firm RedSeal which concluded that 80% of CEOs operate with such cyber ignorance about these types of threats that they make their companies a cyberattack target.

How do you escape a phishing attack?
You might think that if phish stinks like rotten sardines, then maybe a powerful room deodorizer will protect you against cyber intrusions. Not with this type of phish.
 
The ONLY way you can prevent falling victim to a phish is by NEVER clicking on a link sent to you via email or text. If you receive an email from Google asking you to check something on your account (as was the case in the DNC hack), do not click on the link in that email to go to Google. You must go to your browser and type the domain of the website you need to access directly into the browser.
 
If you receive an email from anyone you know well, or trust, or your boss, the Pope, the Dalai Lama… and that email has a link (URL) that will send you to a website, DO NOT click on the link. Instead, copy the link and paste it in the Google search bar (not in the URL bar but the search bar). This way, if the link has a cyber mine, Google will let you know in most cases that you are about to step on a cyber mine.
Most people check the news on their phones. The same rules apply. Copy the link and bring it to your browser search field. See the images below, and notice that the link gets copied, then pasted into the Incognito URL bar of Google Chrome (incognito mode does not have a search field separate from the URL bar).
[Images: a link copied on a phone, then pasted into the Incognito URL bar of Google Chrome]
The same principle applies to links received by text.
 
How can you read the source or header of an email?
When you look at the header of any email, you can see the return path. This means you can see to whom the email will be sent when you click reply. This is a good thing to look at in emails where the sender is asking you to reply with some personal information.
Not all phishing emails have a link. Some phishers ask you to type information in the body of the email as you send your reply.
In Gmail, you can access the “view source” by selecting the arrow to the right of the reply button. Below are examples of a phishing scam, and what the return path address is.
[Images: examples of a phishing scam email and its return path address in the message source]
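The header check described above can also be run on the raw source of a message once you have copied it out of "view source". The following is an added example, not part of the original post: it compares the domain in the visible From address with the domains in Return-Path and in Reply-To (the header mail clients use for the reply address when it is present). The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not taken from the post's screenshots).
SAMPLE_RAW = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank Support" <support@examplebank.example>
Reply-To: "Example Bank Support" <examplebank.verify@freemail.example>
To: customer@example.org
Subject: Please confirm your account details

Reply to this email with your account number and password.
"""


def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def reply_path_findings(raw_message):
    """List (header, its domain, From domain) where the two domains differ."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    findings = []
    for header in ("Return-Path", "Reply-To"):
        value = msg.get(header)
        if value is None:
            continue  # header absent: nothing to compare
        other = domain_of(value)
        # Exact comparison: a subdomain of the From domain is also reported.
        if other != from_domain:
            findings.append((header, other, from_domain))
    return findings


if __name__ == "__main__":
    for header, seen, expected in reply_path_findings(SAMPLE_RAW):
        print(f"{header} domain {seen!r} differs from From domain {expected!r}")
```

A mismatch is a reason to look closer rather than proof of phishing: legitimate bulk mail often uses a separate bounce domain in Return-Path, while a Reply-To pointing at an unrelated free-mail domain in a message asking for personal information deserves the most suspicion.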
That is all for now. Thank you for reading and remember that I can bring this training to your organization. See below.
 
Meta brings the courses Risk Management When Online and Open Source Intelligence (OSINT) Collection and Analysis to your organization regardless of where you are located. Watch this short clip: https://www.youtube.com/watch?v=aRXazQuPzFs Then call us to schedule training for your team or organization. 

    About the Blog

    This blog is updated on a bi-weekly basis and it will address a variety of topics concerning cybertechnology, privacy and ethics in the cyberspace domain.
    About The Author
    Cecilia Anastos holds a Master’s Degree in Strategic Intelligence w/sp in Middle East Issues, a Graduate Certificate in Cybercrime, and a B.A. in Criminal Justice w/sp in Psychology.  In 2005, Ms. Anastos founded Meta Enterprises, LLC (Meta-Intelligence.com) where she works as Chief Intel Analyst – OSINT, Cybercrime and Instructor.  Fluent in five languages, she is a pioneer in the utilization of digitized open source and publicly available information to create actionable intelligence, and in the reduction of digital signatures in the cyberspace domain; and has designed many of the cyber programs currently used at the US Navy Special Operation Forces, police departments, and private sector. She is also an avid reader and a source of knowledge in foreign policy, political affairs, demographic trends, socio-cultural dynamics, transnational gangs, indigenous groups, conflict resolution, and cultures in Latin America, Africa, Europe, and Eurasia, as well as in creating strategic models and analysis of predictability for countries and non-state organizations.



Copyright © 2017 Meta Intelligence/Meta Enterprises, LLC proprietary information