Now phishing attacks have become personal. Very personal. And very frightening.
It’s hard to imagine that it’s come to this already. As if phishing attacks aren’t bad enough, we’ve all been exposed to “spearphishing” attacks – which add a level of information that makes them more likely to get their victims to click on the link bait. Now we’ve got a highly sophisticated, very personalized and downright frightening form of phishing never seen before.
Let’s call it “baitphishing” because the bait is so real, so enticing and so personal that it is almost beyond resistance.
As outlined in this article in TechRadarPro, these “baitphishing” attacks differ from even the most sophisticated spearphishing attacks because they include a lot of information that people would consider very personal. Your name, email address, phone number and maybe even names of personal contacts might be included in this email attack. How do they do it? Think about it – your information is, well, EVERYWHERE. Got a Facebook account? Twitter? LinkedIn? How about Amazon – do you write reviews? Maybe a Strava account with a profile about your running or cycling accomplishments?
Harvesting personal information just isn’t that difficult anymore. Sophisticated hackers can write code that will scour the various sites, tie the names to the email addresses and add a phone number if it finds one, and then merge it all into an email addressed to you and appearing to be from your boss, your bank or your ex-girlfriend. (Come on – do you really think hackers don’t know who your ex-girlfriend is? They can read your Facebook rants.) So the email looks so real, so authentic, so tempting, that you just can’t resist the bait (thus my name, “baitphishing”).
Once you click the link, it’s pretty much all over. If the link doesn’t take you to a website where your personal information is sought and captured, it might install some malware on your computer that will remain invisible and dormant until the hackers decide to activate it six months from now. It’ll be so long since you clicked on that link that you’ll have totally forgotten about doing it and can’t imagine how someone has taken over your computer, stolen your accounts and ruined your financial life. All because you’ve clicked on the wrong link in a baitphishing email.
This new form of phishing, referred to by the cybersecurity companies that investigate it as “TA530”, is the most nefarious we’ve seen. It is the most sophisticated form of phishing imaginable and includes frighteningly personal information. Don’t fall victim to it. Be careful. Be alert. BeCyberAware.