When Did Phishing Become a Social Problem?

In the world of technology, social media is starting to become king. Just think about this for a minute: 15 years ago, there was no Twitter, Facebook, Instagram or Snapchat.

Now, it seems every American is on one or all of these platforms. Social media has become so woven into the fabric of our culture that there isn’t a time when you don’t see someone walking with their head down looking at their phone.


Numbers are Staggering

Millions of people log into their social media accounts every day. In fact, 1.3 billion users log onto their favorite social networking sites each month. They share their favorite photos and check up on friends on a daily basis.

On someone’s social network profile, you can find their name, date of birth, location, workplace, interests, hobbies, skills, relationship status, telephone number, email address and favorite foods. All of this information can be used against you by social engineers.

In spear phishing, social engineering is the use of known social behaviors and patterns to make targets more likely to take a suggested course of action, like clicking on a link. Attackers can send crafted spear phishing emails to your inbox, or they can try to imitate you to trick your contacts.

Why Should This Concern You?

Social Media Usage by the Numbers

  • 66% of adult Facebook users do not know how to use its privacy controls.
  • 71% of consumers state their purchasing decisions are influenced by social media posts.
  • 26% of social media users have made in-app purchases using payment cards.
  • 780% increase in reported social-media-related crime in a four-year timespan.
  • One major social network has more fake profiles than the population of Egypt.
  • Social activities account for 91% of all mobile Internet activity.  

In January 2010, social media lures, in which a hacker uses someone’s friend request to launch a successful phishing campaign, were used in 8.3% of all phishing attacks. By December of that year, they were used in 84.5% of attacks - a staggering increase of 918%.

 


Targeting Social Accounts

In years past, it was companies that were being targeted the most by attackers. But now with social media being so prevalent, attackers are finding it easier to go after the user.

A recent article by Blueprint IT Security hits on that notion. They talk about how Facebook, Twitter and LinkedIn are “goldmines” for phishing. So much so that LinkedIn has fueled an entire industry of bogus connection requests. Their usefulness isn't to launch a phishing attack, but to research it, spotting high-value management targets after being accepted into the network of contacts that might legitimately know them.

Blueprint goes on to say their first defense is to research Open Source Intelligence (OSINT) in order to see a company’s information footprint from the attacker’s point of view.

Targeting Has Become More Personal

Targeting or spearing, as it is being referred to now, is often the first stage of a wider attack, which is designed not to simply steal credentials but to find a way into the deeper parts of the target organization, or user, for a variety of reasons - including data theft and extortion.

Attackers now are doing their homework more and more on their potential targets. As Blueprint states in their recent article, attackers are becoming more aware of the people they are going after.

Reconnaissance - Normally, a targeted attack is focused on a specific person within an organization, a choice that is itself a calculated guess based on what can be gleaned about the company from OSINT. OSINT is a fancy term to describe information gathered from public sources that companies find almost impossible to control.

Stealth - Whatever channel attackers decide to choose, the goal is not to draw attention to themselves. An email or contact request must not stand out as unusual, or it could trigger interactions that could reveal it for what it really is. If that happens, it is no better than an opportunistic phishing attack.

Subterfuge - The close ally of stealth is technical subterfuge. In organizations that do not use email authentication, this usually includes using spoofed email addresses that appear to come from an internal address.
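One way to detect the internal-address spoofing described above, as an added example that is not part of the original post: flag mail whose From domain is internal unless your own gateway recorded `dmarc=pass`. The domain `example.com`, the gateway name `mx.example.com` and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}    # assumption: the organization's mail domains
TRUSTED_AUTHSERV = "mx.example.com"   # assumption: authserv-id stamped by our own gateway

def trusted_verdicts(msg):
    """spf/dkim/dmarc results from Authentication-Results headers (RFC 8601)
    written by our gateway; headers with any other authserv-id may be forged."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def check_internal_from(raw):
    """Return None if the message is fine, else a reason to flag it."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in INTERNAL_DOMAINS:
        return None                     # sender does not claim to be internal
    dmarc = trusted_verdicts(msg).get("dmarc")
    if dmarc == "pass":
        return None                     # From domain authenticated and aligned
    return f"internal From <{domain}> with dmarc={dmarc or 'missing'}"

def sample(from_addr, *auth_headers):
    """Build a constructed test message (not real mail)."""
    lines = [f"Authentication-Results: {h}" for h in auth_headers]
    lines += [f"From: {from_addr}", "To: user@example.com",
              "Subject: Password expiry", "", "body"]
    return "\n".join(lines)

# Constructed samples: a spoof carrying a forged "pass" header, and a genuine message.
SPOOFED = sample('"IT Helpdesk" <helpdesk@example.com>',
                 "attacker.invalid; dmarc=pass header.from=example.com",
                 "mx.example.com; spf=fail smtp.mailfrom=example.com; "
                 "dmarc=fail header.from=example.com")
LEGIT = sample("hr@example.com",
               "mx.example.com; dkim=pass header.d=example.com; "
               "dmarc=pass header.from=example.com")

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, "->", check_internal_from(raw))
```

The check only means something if the gateway removes inbound Authentication-Results headers that already carry its own authserv-id before adding its verdict.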

Software and Awareness Are Key

As Blueprint states in their article, attackers will couple top domains with impersonated cloud services or portals used by the target organizations or users.

Software - This explains the value of carrying out reconnaissance on the software and services used by a target organization. Again, users rarely check these closely.

Awareness - The attack surface can be reduced in a variety of ways but ideally this should be done alongside changing the outlook of employees. A popular solution is to engage some form of anti-phishing awareness training.

The idea behind awareness training is to baseline the degree to which employees can be snared by test phishing scenarios, comparing their behavior when running the same tests weeks or months later. The best approach seems to be to start with a longer training session, then run short tests every month for a year.

Written by Chris Bihary

Chris Bihary, CEO and Co-founder of Garland Technology, has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance and security through the integration of network TAP visibility.
