17
Jul

They went phishing at Twitter…

PHISHING

Phishing does not refer to the peaceful act of standing by a river tossing a baited hook into the water and hoping for dinner.  Phishing does refer to the premeditated act of fooling people into giving up their previously private information.

Some people I speak with believe Social Media is the largest culprit of this, tracking your movements around their site and keeping tabs on what you are searching for.  I have a tip for preventing this, to a degree, at the end of this article.

Let’s get back to phishing.  Here’s a description of what the low life who’s looking to fool you is doing.  They, yes, they, it’s usually organized criminals who instigate these attacks.  They look for a likely foil, like a Canadian bank or a popular online company.  They steal the logos and look from these pages and begin drafting an e-mail.  The text generally looks like:

Dear customer

We have been apprised of a breach in the security settings of your telephone app.  Please click on the link below to ensure you do not lose access and your accounts are not frozen.

 

www . <anybank>.ca/security setting

 

Regards

….

Security specialist

<Anybank>

 

If you are lucky, the e-mail is so full of spelling and grammatical mistakes that you just laugh it off as another scam.  If, as thousands of people today, you are not so lucky, you click on the link and it takes you to an “official” looking page where you are enjoined to enter your credentials for your bank access.  Again, if you are lucky, the page returns a “thank you” and asks you to close your browser for your own safety.

The irony here is that you’ve just voluntarily given your bank login credentials to organized criminals.  They will, as soon as possible, log into your account and either empty it through a bogus transfer or, just as quickly, sell it to someone else who will use the information for all sorts of illegal acts in your name.

The other evil little secret here is that at the same time they are stealing your bank information, they have downloaded a bug onto your computer.  That bug is now able to move around freely on your computer, attach itself to e-mails you are sending your family or, if you are on a work computer, infecting your network and the computers of your co-workers.

Many companies, small and large, have been victimized by this kind of attack.  There are various tools that can thwart this form of intrusion.  Some are complex and require a full IT department to manage, some are offered free with an Antivirus subscription.  Which one works?  They both do, to a degree.  Obviously, you get what you pay for in each case but, the simplest solution is regular education and testing.  Echo Cloud solutions is committed to securing their customers and has partnered with InfoSEC.  A leader in security education both online and in classroom.

We can design a phishing campaign that will help educate your staff and prevent further “random clicks”.  The difference is that we will not ask for any information, we will simply remind the reader not to click on links they don’t know or fully trust.  It’s a very powerful learning method and will save you countless headaches.

*The tip for preventing tracking is simply to set your browser to “private mode” all the time and never allowing your user ID to be remembered on any computer.  This will require you to log into your applications and web pages every time but, it will also be a good reminder to use a password manager.  We can recommend one based on your usage and need.  Call us.