The 4 Phishing Commandments – #1: Distrust thy emails, all of them.

This is the first in a series of 4 posts that will highlight key aspects of phishing. The aim is to illuminate the considerable risks and to provide you with effective tools with which to identify the dangers to (hopefully!) successfully avoid them. We regard this as the one situation in life where paranoia is definitely of value.

In this rat-race everybody’s guilty till proved innocent!

Bette Davis (‘All About Eve’, 1950)

Nothing online is [necessarily] what it seems to be. Nothing.

Private email accounts are hacked into regularly by cybercriminals using automated bots that brute-force their way through passwords. This access allows cybercriminals to send malicious emails from legitimate email accounts to unsuspecting contact lists. Popular websites can be cloned and modified to include malicious content for visitors to interact with; social media profiles can easily be created to pose as trustworthy individuals who engage with targets under some pretense, using chat and messaging that can carry malicious content.

Putting it simply, trusting the authenticity of emails and other digital means of communications just because they seem to be from trusted sources that we think we know is a recipe for trouble.

Profiling people is easier than ever

An increasing part of our daily activities is reflected online by the growing number of social media platforms such as Facebook, LinkedIn, Google+, Twitter, Instagram and Pinterest, to name just a few. If we aren’t posting, tweeting, uploading or tagging, our family, friends, acquaintances and colleagues are. Have you ever googled your name to see what comes up?

It’s staggering to find out how much personal information can be found online today: personal photos, photo locations (via geotagging embedded in photos or photo naming), personal and work history, details of friends, family and acquaintances, personal hobbies, routines, special occasions and achievements are all there.

How often has Facebook suggested tagging an acquaintance of yours in a photo someone posted online?

Add to this the availability of recognition tools such as face and image recognition, and cybercriminals are able to connect these pieces of personal information into a full and consistent personal profile. Being able to profile targets to this degree of detail gives cybercriminals a deep understanding of who the actual person is behind all of this information, and of which point is most vulnerable to focus on to ensure a successful phishing attack.
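The geotag leak mentioned above is worth seeing concretely. The following is an added example, not code from this blog or its authors: it constructs a minimal TIFF/EXIF blob of the kind cameras and phones embed in JPEGs (the sample coordinates and the layout are constructed for the demonstration), reads the GPS tags back as decimal coordinates, and redacts them in place. The redaction is a simplified approach that zeroes the GPS IFD rather than rewriting the metadata block the way a full-featured tool would.

```python
import struct

# Tag and type numbers from the TIFF/EXIF specification.
TAG_GPS_IFD = 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5


def _dms(value):
    """Split a decimal coordinate into (degrees, minutes, seconds) rationals."""
    value = abs(value)
    deg = int(value)
    minutes = int((value - deg) * 60)
    seconds = (value - deg - minutes / 60) * 3600
    return [(deg, 1), (minutes, 1), (int(round(seconds * 100)), 100)]


def build_sample_exif(lat, lon):
    """Constructed sample: a little-endian TIFF/EXIF blob whose only content is a
    GPS IFD, laid out as header | IFD0 | GPS IFD | rational data (128 bytes)."""
    ifd0_off, gps_off = 8, 26          # header is 8 bytes; IFD0 is 2 + 12 + 4 bytes
    lat_off, lon_off = 80, 104         # GPS IFD is 2 + 4*12 + 4 = 54 bytes, ends at 80
    header = b"II" + struct.pack("<HI", 42, ifd0_off)
    ifd0 = (struct.pack("<H", 1)
            + struct.pack("<HHII", TAG_GPS_IFD, TYPE_LONG, 1, gps_off)
            + struct.pack("<I", 0))
    lat_ref = b"N\x00\x00\x00" if lat >= 0 else b"S\x00\x00\x00"
    lon_ref = b"E\x00\x00\x00" if lon >= 0 else b"W\x00\x00\x00"
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI4s", GPS_LAT_REF, TYPE_ASCII, 2, lat_ref)
    gps += struct.pack("<HHII", GPS_LAT, TYPE_RATIONAL, 3, lat_off)
    gps += struct.pack("<HHI4s", GPS_LON_REF, TYPE_ASCII, 2, lon_ref)
    gps += struct.pack("<HHII", GPS_LON, TYPE_RATIONAL, 3, lon_off)
    gps += struct.pack("<I", 0)
    data = b"".join(struct.pack("<II", n, d) for n, d in _dms(lat) + _dms(lon))
    return header + ifd0 + gps + data


def _read_ifd(blob, off, fmt):
    """Return {tag: (type, count, raw 4-byte value field)} for the IFD at off."""
    (n,) = struct.unpack_from(fmt + "H", blob, off)
    entries = {}
    for i in range(n):
        tag, typ, cnt, raw = struct.unpack_from(fmt + "HHI4s", blob, off + 2 + 12 * i)
        entries[tag] = (typ, cnt, raw)
    return entries


def extract_gps(blob):
    """Return (lat, lon) in decimal degrees if the blob carries GPS tags, else None."""
    fmt = {b"II": "<", b"MM": ">"}[blob[:2]]
    magic, ifd0_off = struct.unpack_from(fmt + "HI", blob, 2)
    if magic != 42:
        raise ValueError("not a TIFF/EXIF header")
    ifd0 = _read_ifd(blob, ifd0_off, fmt)
    if TAG_GPS_IFD not in ifd0:
        return None
    (gps_off,) = struct.unpack(fmt + "I", ifd0[TAG_GPS_IFD][2])
    gps = _read_ifd(blob, gps_off, fmt)
    if not all(t in gps for t in (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)):
        return None

    def coord(tag, ref_tag, negative):
        (off,) = struct.unpack(fmt + "I", gps[tag][2])
        d, m, s = (n / den for n, den in struct.iter_unpack(fmt + "II", blob[off:off + 24]))
        value = d + m / 60 + s / 3600
        return -value if gps[ref_tag][2][:1] == negative else value

    return coord(GPS_LAT, GPS_LAT_REF, b"S"), coord(GPS_LON, GPS_LON_REF, b"W")


def redact_gps(blob):
    """Neutralise the GPS IFD in place: set its entry count to zero and overwrite
    the coordinate rationals, so every other offset in the file stays valid."""
    fmt = {b"II": "<", b"MM": ">"}[blob[:2]]
    out = bytearray(blob)
    (ifd0_off,) = struct.unpack_from(fmt + "I", blob, 4)
    ifd0 = _read_ifd(blob, ifd0_off, fmt)
    if TAG_GPS_IFD not in ifd0:
        return bytes(out)
    (gps_off,) = struct.unpack(fmt + "I", ifd0[TAG_GPS_IFD][2])
    gps = _read_ifd(blob, gps_off, fmt)
    for tag in (GPS_LAT, GPS_LON):
        if tag in gps and gps[tag][0] == TYPE_RATIONAL:
            (off,) = struct.unpack(fmt + "I", gps[tag][2])
            out[off:off + 8 * gps[tag][1]] = bytes(8 * gps[tag][1])
    struct.pack_into(fmt + "H", out, gps_off, 0)
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_exif(48.8584, 2.2945)   # constructed coordinates
    print("before:", extract_gps(sample))
    print("after: ", extract_gps(redact_gps(sample)))
```

Running the block shows a photo's embedded position resolving to a street-level coordinate before redaction and to nothing after it; the same check, applied to real files with a full EXIF library, is what a "strip metadata before posting" habit amounts to.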

Digital Communication, Evolved.

With the evolution of technology, and of digital communication in particular, beyond email into instant messaging, chatting and blogging, phishing nowadays takes on many different and creative forms. Every form of digital communication available may be manipulated as a vehicle for launching phishing attacks. These range from ‘Spear Phishing’ emails that target specific individuals, to Chat Phishing on social media platforms and ‘Water Hole’ attacks on blogs, all of which we will be explaining in the next posts.

So, what do you do after this bleak introduction?

To start with, we don’t think people should respond by disengaging from social media. As challenging and threatening as the digital communication and social media landscapes are, there is a lot that can be done in terms of improving awareness and developing ‘a healthy paranoia’ for online behavior.

Only the Paranoid Survive

We hope this post clarifies why we believe one should maintain a basic distrust towards all digital communications. In the posts ahead we will focus on three important elements of phishing that will help you navigate your way through digital communications: three posts that will help you reestablish trust where it belongs. We leave you with the words of Intel’s legendary CEO Andy Grove, with whom we wholeheartedly agree: ‘Only the Paranoid Survive’.

Next week: The 4 Phishing Commandments | #2: Understand thy Email Address
