By Michael Menz, Director, Hewlett Packard Enterprise
– Article 1 of 3 (future issues will include the next articles)
Let’s talk phishing. No, not fishing; that involves water. We are talking about cyber criminals who are looking for people to steal from or exploit.
Here are two examples from last year:
RSA Security – a United States-based organization that creates encryption, network and computer security products.
Phishing led to a huge intellectual property theft. There’s nothing more disturbing than an information security company suffering a very large and public data breach. RSA is still a giant in the field and the 2011 hack of its network shook the entire security industry.
The hackers began with a phishing attack aimed at a small group of specific employees. One employee fell for the phishing email and opened an attached Excel file, which introduced malware into RSA’s network. That allowed the thieves to steal intellectual property for RSA’s flagship two-factor authentication technology. This could potentially be used to infiltrate the networks of many of RSA’s customers, including banks, U.S. government agencies, and defense contractors, potentially affecting millions of those customers’ end users. The breach reportedly cost the company $63 million.
Democratic National Committee:
A phishing email started the theft of emails from the party’s email system; as we all know, those emails were posted for the world to view. The 2016 U.S. election scandal exploded the moment campaign adviser John Podesta provided his log-in credentials in response to a spoofed message that looked like it originated from his email provider. This gave the hackers access to his email account and the rest, as they say, is history.
Hackers will review Facebook and other social media to make a profile of you and confirm your email address. They will learn your likes and dislikes and use whatever they can to get you to open an email they send you. They will exploit your friends and get their email contact list. They will spoof the email address to make it appear it came from the friend.
Learn from those who have been a victim.
Be conscious of messages that you did not expect to receive, that convey a sense of urgency, or that seem strange, even when the message appears to come from a trusted person or company. Trust your gut. If it feels wrong, it more than likely is.
If needed, call the sender on a phone number you already have or that is publicly posted. Do not use the number in the message.
Delete the message from your Inbox, Sent Items folder, and Deleted Items folder—whichever applies in your email system.
Turn on your email application’s anti-spoof and junk mail filters if it has them.
Until next time, be safe and hopefully you’ll never be a victim.
Michael is a Director for Hewlett Packard Enterprise’s eDiscovery, Investigations & Forensics teams.
In his prior career, he was a detective for the Sacramento Sheriff’s Department, High Tech Crimes Task Force.