We’ve all seen the Hollywood depictions of hackers drinking energy drinks in dark rooms while pounding away at keyboards as they try to “hack the company’s firewall” and take over “the system.” Meanwhile, the company has another darkly lit room with its own staff pounding away at keyboards in an attempt to stop the hackers from getting through. It’s a battle of who can type faster! A very exciting, made-for-TV depiction of hacking, but not very accurate. A more accurate depiction would be this popular technique:
- Hacker gathers list of company email addresses, many of which can be found publicly on the Internet.
- Hacker sends email to all on the list purporting to be “IT Support,” stating the recipient needs to “tell us their password so we can upgrade their account.”
- Hacker takes nap.
- Hacker wakes up from nap and makes some coffee.
- Hacker comes back to their computer to find five people gave up their password.
- Hacker logs in as those five people and takes whatever data he can access.
This technique (nap and coffee optional) is known as “phishing.” Phishing emails, and sometimes even text messages, are one of the biggest threats to information security. Phishing is not only effective, but also simple and cheap for a hacker, which makes it widely used and successful in many widely publicized breaches. Of course, it’s also a bit boring for television and the movies.
To learn how to spot a phishing email, check out this pamphlet from the Department of Homeland Security: https://www.dhs.gov/sites/default/files/publications/2017 NCSAM Poster Revised 9.25.17- 508 compliant.pdf
If you would like more information on phishing, or would like to arrange a phishing awareness presentation for a department or campus group, please contact IT Security via the IT Service Desk at x4567.