Whether you are running for public office or are an ordinary citizen, just one click on the wrong link, in the wrong email, could change your life. Spear-phishing emails have been in play for years. They have cost us politically and personally. They are back and they are everywhere. Here is what we all need to know.
What is Spear Phishing?
Spear phishing is an email-spoofing attack that seeks unauthorized access to sensitive information. Spear-phishing attempts are NOT random. They are specific, targeted attempts to gain access to private and personal information.
Remember when the emails of John Podesta, Colin Powell, and the DNC were compromised in 2016? This happened because they fell prey to a normal phishing attack. In Podesta’s case, he logged into what he believed was his Gmail account and changed his password. Even his own IT staff was fooled by this email. The attackers used the passwords he entered to gain access to his real Gmail account.
Spear phishing is even more pernicious and harder to detect than regular phishing.
Unlike regular phishing, spear-phishing messages appear to come from a trusted source — likely an individual within the recipient’s own company or from someone the target knows personally.
When you click on a link in a normal phishing email you will typically be redirected to a spoofed site that requests a login. The purpose of this site is to collect your user name and password and use that information to falsify your identity.
With spear phishing, the attack is very specific and customized, and the goal is as well. For instance, the attacker may want to steal information rather than an identity. In some cases a customized payload may be delivered directly – for instance, a file containing a Trojan horse may be downloaded and executed. This malicious file gives the attacker access to anything on your computer, including your personal data, your emails, and your email address book.
The success of spear phishing depends upon three things:
> There is information within the message that supports its validity
> The source must appear to be a known and trusted individual
> The request seems to have a logical basis
Spear-phishing emails – the big payoff
What can the attackers do with the information they collect? Well, they can certainly make your private communications public, as was the case with the hacked DNC emails in 2016. Alternatively, they can use this information to blackmail you, or even to blackmail others who have shared their private thoughts or data with you.
But what else? A successful spear-phishing attempt is the gift that keeps giving, from the attacker’s point of view. Once the attackers have your address book and your past emails, it becomes very easy to impersonate you or those with whom you communicate.
For instance, an attacker might spoof an email from you to your colleagues, asking them to click on a link in order to review a document you are working on.
Because of this, a successful spear-phishing attempt endangers your contacts and people close to you.
You can avoid becoming the victim of a spear-phishing attack by following these rules:
Never click a link in an email from a service you use. If you get a realistic-looking email from your bank, PayPal, eBay or your email provider, log into your account via your browser. Don’t click the link you were sent.
When someone you know sends you a link to a specific page or document, check in with that person via a new email, or by phone or by text, to verify that that person did indeed send you a link.
Secrets, Deception, and the New Political Landscape
Are there things that we see going on in our government right now that could be the result of a spear-phishing email attack? We believe there are.
Beyond the publicized theft of the DNC and Podesta emails, we have seen an unprecedented level of inexplicable behavior among certain members of Congress. This is particularly true for those of the GOP persuasion. Is it possible that some of these political figures were compromised by spear-phishing attacks?
We’ve been working on a very important finding. This article is our lead-in to that piece.
We are under attack. We need to protect ourselves.
Written by Unhackthevote