Page 24 - Banking Finance July 2024

containing malware or links to credential-stealing sites to steal sensitive information or valuable intellectual property, or to simply compromise payment systems.

The effectiveness of spear phishing comes down to a combination of both technical and psychological reasons. Spear phishing emails are quite hard to detect because they are so targeted. They look like normal business emails with normal business chitchat, so it is really hard for spam detection systems to realize it is not a genuine email. Spear phishers exploit that, because you don't want your spam protection blocking genuine emails: end users get frustrated and business processes start to fall down. One of the most common spear-phishing traits involves exploiting a sense of urgency.

Combining the data gained from an organization's team page, a LinkedIn profile, a Twitter profile, and a Facebook profile, a criminal can usually capture quite a detailed picture of their victim. They might use your name, information about where you work, who you bank with, a recent payment you've made, information about your family and friends, and any other private information they can find.

For example, suppose the employee data of company XYZ is hacked and a mail about gift vouchers, presented as a performance bonus from higher management, is sent to a particular category of employees. Since the target group is fixed, this comes under the category of spear phishing.

Whaling

A whaling attack is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes. Also known as CEO fraud, whaling is similar to phishing in that it uses methods such as email and website spoofing to trick a target into performing specific actions, such as revealing sensitive data or transferring money.

Whereas phishing scams target non-specific individuals and spear-phishing targets particular individuals, whaling doubles down on the latter by not only targeting those key individuals, but doing so in a way that the fraudulent communications they are sent appear to have come from someone specifically senior or influential at their organization. Think of them as "big phish" or "whales" at the company, such as the CEO or finance manager. This adds an extra element of social engineering into the mix, with staff reluctant to refuse a request from someone they deem to be important.

The sender's email address typically looks like it's from a believable source and may even contain corporate logos or links to a fraudulent website that has also been designed to look legitimate. Because a whale's level of trust and access within their organization tends to be high, it's worth the time and effort for the cybercriminal to put extra effort into making the endeavor seem believable.

Clone Phishing

A clone phishing attack uses a legitimate or previously sent email that contains attachments or links. The clone is a near copy of the original in which the attachments or links are replaced with malware or a virus. The email is typically spoofed to appear as if it is being sent by the original sender and will claim it is a simple re-send. What's worse, the email is sent out to a large number of recipients and the attacker just waits for the victims who click it. When a victim succumbs to the cloned email, the attacker forwards the same forged email to the contacts from the victim's inbox.

This type of attack is considered the most harmful because it is hard for victims to suspect a spoofed email.

Examples of clone phishing include emails like:

1) An email sent from a spoofed email address intended to trick the recipient into thinking it is from a legitimate sender.
2) An email containing a link or attachment that has been replaced with a malicious link or attachment.
3) An email or message that claims to be a re-send of an email from a legitimate sender but has been altered in some way.

Ways to avoid Phishing

Training and Awareness Campaign

Training of staff and creating awareness about phishing techniques should be carried out at regular intervals. To create awareness amongst customers and the general public, various awareness campaigns should be run about the phishing techniques used by scamsters and how to stay alert to avoid deception by social engineers.
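The clone phishing pattern described above (near-identical wording, a swapped link or attachment, and a sender spoofed to claim a simple re-send) can be checked mechanically against the message it claims to repeat. The Python below is an added example written for this page, not code from the article; the addresses, URLs and attachment bytes are constructed.

```python
import difflib
import hashlib
import re
from email.utils import parseaddr

URL_RE = re.compile(r"https?://[^\s)>\]]+")

# Constructed sample messages: addresses, URLs and attachment bytes are made up.
# ORIGINAL is a message the organisation really sent; RESEND claims to be a re-send
# but carries a swapped link, a swapped attachment and a look-alike sender domain.
ORIGINAL = {
    "from": "Finance Team <finance@example-bank.com>",
    "body": "Hi all, please use the attached expense template at "
            "https://intranet.example-bank.com/finance/q2-template before Friday.",
    "attachments": {"template.xlsx": hashlib.sha256(b"constructed benign file").hexdigest()},
}
RESEND = {
    "from": "Finance Team <finance@example-bank.co>",
    "body": "Hi all, please use the attached expense template at "
            "https://intranet.example-bank-login.xyz/finance/q2-template before Friday.",
    "attachments": {"template.xlsx": hashlib.sha256(b"constructed swapped file").hexdigest()},
}
# A genuine re-send: same sender, link and attachment, only a short prefix added.
GENUINE_RESEND = dict(ORIGINAL, body="Re-sending: " + ORIGINAL["body"])


def sender_domain(header: str) -> str:
    """Domain of the real address, ignoring the display name ('Finance Team')."""
    return parseaddr(header)[1].rpartition("@")[2].lower()


def clone_findings(original: dict, candidate: dict) -> dict:
    """Compare a candidate against a known-good message and report what changed."""
    strip = lambda body: URL_RE.sub("", body)  # compare the wording, not the URLs
    similarity = difflib.SequenceMatcher(
        None, strip(original["body"]), strip(candidate["body"])).ratio()
    old_links, new_links = set(URL_RE.findall(original["body"])), set(URL_RE.findall(candidate["body"]))
    return {
        "text_similarity": round(similarity, 3),
        "links_changed": old_links != new_links,
        "new_links": sorted(new_links - old_links),
        "attachments_changed": original["attachments"] != candidate["attachments"],
        "sender_domain_differs": sender_domain(original["from"]) != sender_domain(candidate["from"]),
    }


def is_suspected_clone(original: dict, candidate: dict, min_similarity: float = 0.9) -> bool:
    """Flag near-identical wording combined with a swapped link/attachment or sender domain."""
    f = clone_findings(original, candidate)
    return f["text_similarity"] >= min_similarity and (
        f["links_changed"] or f["attachments_changed"] or f["sender_domain_differs"])
```

A genuine re-send keeps the same sender domain, links and attachment hashes, so only the wording-plus-swap combination raises a flag.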
