From Candidate to Kompromat – It Just Takes One Click
Whether you are running for public office or are an ordinary citizen, just one click on the wrong link in the wrong email could change your life. Spear phishing has been in play for years. It has cost us politically and personally. It is back. It is everywhere. Here is what we all need to know.
What is Spear Phishing?
Spear phishing is an email-spoofing attack that seeks unauthorized access to sensitive information. Spear phishing attempts are NOT random. They are specific, targeted attempts to gain access to private and personal information.
Remember when the emails of John Podesta, Colin Powell, and the DNC were compromised in 2016? This happened because they fell prey to a normal phishing attack. In Podesta’s case, he logged onto what he believed was his Gmail account and changed his password. Even his own IT staff was fooled by this email. The attackers used the passwords he entered to gain access to his real Gmail account.
Spear phishing is even more pernicious and harder to detect than regular phishing.
Unlike regular phishing, spear phishing messages appear to come from a trusted source – likely an individual within the recipient’s own company or from someone the target knows personally.
When you click on the link in a spear phishing email, the payload is delivered – a file is downloaded containing a Trojan Horse. This file gives the attacker access to anything on your computer, including your personal data, your emails, and your email address book.
The success of spear phishing depends upon three things:
- The source must appear to be a known and trusted individual
- There is information within the message that supports its validity
- The request seems to have a logical basis
The Big Payoff
What can the attackers do with the information they collect? Well, they can certainly make your private communications public, as was the case with the hacked DNC emails in 2016. Alternatively, they can use this information to blackmail you, or even to blackmail others who have shared their private thoughts or data with you.
But what else? A successful spear phishing attempt is the gift that keeps giving, from the attacker’s point of view. Once the attackers have your address book and your past emails, it becomes very, very easy to impersonate you or those you communicate with.
For instance, an attacker might spoof an email from you to your colleagues, asking them to click on a link in order to review a document you are working on.
Because of this, a successful spear phishing attempt endangers your contacts and people you are close to.
You can avoid becoming the victim of a spear phishing attack by:
- Never clicking a link to a service that you use that is sent via email. If you get a realistic-looking email from your bank, PayPal, eBay or your email provider, make sure you log into your account via your browser, NOT by clicking the link you were sent.
- When someone you know sends you a link to a specific page or document, check in with that person via a new email, or by phone or by text, to verify that that person did indeed send you a link.
Secrets, Deception, and the New Political Landscape
Are there things that we see going on in our government right now that could be the result of a spear phishing attack? We believe there are.
Beyond the publicized theft of the DNC and Podesta emails, we have seen an unprecedented level of inexplicable behavior among certain members of our Congress, particularly those of the GOP persuasion. We wonder whether some of these political figures have been compromised by spear phishing attacks.
We are under attack. We need to protect ourselves.