Targeted Attacks: You are our Best Defense
Targeted attackers are highly trained and organized criminals who are funded by other organizations and sometimes by nations.
They begin their attack by:
- Research an organization’s website and identifying key information
- Look for an employee phone list to identify employees and their roles
- Harvest information on a variety of employees from social media sites, such as Facebook and LinkedIn
- Identify key individuals to target
If you have been selected as a target, researchers find out all they can about you. They then craft a spearphising attack – a customized email to a specific target (you). It appears to come from someone you know (perhaps even your boss) and is urging you to take an immediate action. There may be an attachment that contains malicious content that allows the attacker to take control of your computer.
The data on you is harvested from social media, including:
- Pictures you have posted on social media
- Your hobbies
- Your family members
- Your house on Google Earth
Protect yourself by limiting the amount of information you publicly share and be suspicious of every email you receive, especially those with links, attachments, and urging you to take an immediate action.