Whether you are running for public office or an ordinary citizen, just one click on the wrong link, in the wrong email, could change your life. Spear phishing has been in play for years. It has cost us politically and personally. It is back. It is everywhere. Here is what we all need to know.
What is Spear Phishing?
Spear phishing is an email-spoofing attack that seeks unauthorized access to sensitive information. Spear phishing attempts are NOT random. They are specific, targeted attempts to gain access to private and personal information.
Remember when the emails of John Podesta, Colin Powell, and the DNC were compromised in 2016? This happened because they fell prey to a normal phishing attack. In Podesta’s case, he logged onto what he believed was his gmail account and changed his password. Even his own IT staff was fooled by this email The attackers used the passwords he entered to gain access to his real gmail account.
Spear phishing is even more pernicious and hard to detect than regular phishing.
Unlike regular phishing, spear phishing messages appear to come from a trusted source — likely an individual within the recipient’s own company or from someone the target knows personally.
When you click on a link in a normal phishing email you will typically be redirected to a spoofed site that requests a login. The purpose of this site is to collect your user name and password and use that information to falsify your identity.
The success of spear phishing depends upon three things:
With spear phishing, the attack is very specific and customized, and the goal is as well. For instance, the attacker may want to steal information rather than identity. In some cases a customized payload may be delivered directly – for instance a file containing a Trojan Horse may be downloaded and executed. This virus file gives the attacker access to anything on your computer, including your personal data, your emails, and your email address book.
There is information within the message that supports its validity
The source must appear to be a known and trusted individual
The request seems to have a logical basis
The Big Payoff
What can the attackers do with the information they collect? Well they can certainly make your private communications public, as was the case of the hacked DNC emails in 2016. Alternatively, they can use this information to blackmail you, or even to blackmail others who have shared their private thoughts or data with you.
But what else? A successful spear phishing attempt is the gift that keeps giving, from the attacker’s point of view. Once the attackers have your address book and your past emails, it becomes very easy to impersonate you or those with whom you communicate.
For instance, an attacker might spoof an email from you to your colleagues, asking them click on a link in order to review a document you are working on.
Because of this, a successful spear phishing attempt endangers your contacts and people close to you.
You can prevent being the victim of a spearphishing attack by:
Never clicking a link to a service that you use that is sent via email. If you get a realistic-looking email from your bank, PayPal, Ebay or your email provider, make sure you log into your account via your browser, NOT by clicking the link you were sent.
When someone you know sends you a link to a specific page or document, check in with that person via a new email, or by phone or by text, to verify that that person did indeed send you a link.
Secrets, Deception, and the New Political Landscape
Are there things that we see going on in our government right now that could be the result of a spear phishing attack? We believe there are.
Beyond the publicized theft of the DNC and Podesta emails, we have seen an unprecedented level of inexplicable behavior among certain members of Congress, particularly those of the GOP persuasion. We wonder whether some of these political figures have been compromised by spear phishing attacks.
We’ve been working on a very important finding. This article is our lead in to that piece.
We are under attack. We need to protect ourselves.
Written by Unhackthevote