In the world of technology, social media is starting to become king. Just think about this for a minute: 15 years ago, there was no Twitter, Facebook, Instagram or Snapchat.
Now, it seems every American is on one or all of these platforms. Social media has become so woven into the fabric of our culture that there isn’t a time when you don’t see someone walking with their head down, looking at their phone.
Learn how social engineering is the new gold mine.
Millions of people log into their social media accounts every day. In fact, 1.3 billion users log onto their favorite social networking sites each month. They share their favorite photos and check up on friends on a daily basis.
On someone’s network, you can find their name, date of birth, location, workplace, interests, hobbies, skills, relationship status, telephone number, email address and favorite foods. All of this information can be used against you by social engineers.
In spear phishing, social engineering is the use of known social behaviors and patterns to make targets more likely to take a suggested course of action, like clicking on a link. Social engineers can send crafted spear phishing emails to your inbox, or they can try to imitate you to trick your contacts.
Social Media Usage by the Numbers
In January 2010, social media lures, in which a hacker uses someone’s friend request to launch a successful phishing campaign, were used in 8.3% of all phishing attacks. By December of that year, they were used in 84.5% of attacks - a staggering increase of 918%.
Targeting Social Accounts
In years past, it was companies that were being targeted the most by attackers. But now with social media being so prevalent, attackers are finding it easier to go after the user.
A recent article by Blueprint IT Security hits on that notion. They talk about how Facebook, Twitter and LinkedIn are “goldmines” for phishing. So much so that LinkedIn has fueled an entire industry of bogus connection requests. Their usefulness isn't to launch a phishing attack, but to research it, spotting high-value management targets after being accepted into the network of contacts that might legitimately know them.
Blueprint goes on to say their first defense is to research Open Source Intelligence (OSINT) in order to see a company’s information footprint from the attacker’s point of view.
Targeting or spearing, as it is being referred to now, is often the first stage of a wider attack, which is designed not to simply steal credentials but to find a way into the deeper parts of the target organization, or user, for a variety of reasons - including data theft and extortion.
Attackers now are doing their homework more and more on their potential targets. As Blueprint states in their recent article, attackers are becoming more aware of the people they are going after.
Reconnaissance - Normally, a targeted attack is focused on a specific person within an organization, who is chosen by a calculated guess based on what can be gleaned about the company from OSINT. OSINT is a fancy term to describe information gathered from public sources that companies find almost impossible to control.
Stealth - Whatever channel attackers decide to choose, the goal is not to draw attention to themselves. An email or contact request must not stand out as unusual, or it could trigger interactions that could reveal it for what it really is. If that happens, it is no better than an opportunistic phishing attack.
Subterfuge - The close ally of stealth is technical subterfuge. In organizations that do not use email authentication, this usually includes using spoofed email addresses that appear to come from an internal address.
Software - This explains the value of carrying out reconnaissance on the software and services used by a target organization. Again, users rarely check these closely.
Awareness - The attack surface can be reduced in a variety of ways, but ideally this should be done alongside changing the outlook of employees. A popular solution is to engage some form of anti-phishing awareness training.
The idea behind awareness training is to baseline the degree to which employees can be snared by test phishing scenarios, and then compare their behavior when running the same tests weeks or months later. The best approach seems to be to start with a longer training session, followed by short tests every month for a year.
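The Subterfuge point above depends on whether anything verifies that a message claiming an internal sender really came from inside. The following is an added example, not part of the original article: it classifies mail by its From domain and the receiving gateway's Authentication-Results header. The domain `example.com`, the gateway ID `mx.example.com` and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"      # assumption: the organization's mail domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: ID of the org's own mail gateway

def make(from_hdr, auth=None):
    """Build a constructed sample message (not real traffic)."""
    lines = [f"From: {from_hdr}", "Subject: Password reset"]
    if auth:
        lines.append(f"Authentication-Results: {auth}")
    return "\n".join(lines) + "\n\nPlease confirm your account.\n"

SAMPLES = {
    "genuine": make("Alice <alice@example.com>",
                    "mx.example.com; spf=pass; dkim=pass; dmarc=pass header.from=example.com"),
    "spoofed": make("IT Helpdesk <helpdesk@example.com>",
                    "mx.example.com; spf=softfail; dkim=none; dmarc=fail header.from=example.com"),
    "unchecked": make("ceo@example.com"),
    "untrusted_header": make("ceo@example.com", "relay.invalid; spf=pass; dmarc=pass"),
    "outside": make("Bob <bob@partner.test>", "mx.example.com; spf=pass; dmarc=pass"),
}

def trusted_verdicts(msg):
    """Collect spf/dkim/dmarc verdicts, but only from our own gateway's header."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV:
            continue  # any sender can add this header; ignore ones we did not write
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = verdict.lower()
    return verdicts

def classify(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN:
        return "external"
    verdicts = trusted_verdicts(msg)
    if not verdicts:
        return "internal-unauthenticated"  # no check ran: the gap described above
    if verdicts.get("dmarc") == "pass":
        return "internal-verified"
    return "internal-spoof-suspected"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:17} {classify(raw)}")
```

A message that lands in `internal-unauthenticated` is the case the article warns about: the address looks internal and nothing has checked it.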
If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.
If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.
While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets to the TAP, indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets, placing the tool back inline.
Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode, keeping the link flowing.
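The heartbeat, bypass and failsafe behavior described above can be modeled as a small state machine. This is an added example, not vendor code or part of the original article; the `InlineTool` class, the `miss_limit` threshold and the packet names are assumptions made for illustration.

```python
from enum import Enum
HEARTBEAT = "HB"  # stands in for the TAP's heartbeat packet

class Mode(Enum):
    INLINE = "inline"      # link traffic passes through the security tool
    BYPASS = "bypass"      # tool unresponsive: link traffic skips it
    FAILSAFE = "failsafe"  # TAP unpowered: link passes straight through

class InlineTool:
    """Hypothetical IPS: drops blocked packets, returns the rest and heartbeats."""
    def __init__(self, blocked=()):
        self.online, self.blocked = True, set(blocked)

    def process(self, frames):
        if not self.online:
            return None  # nothing comes back from an off-line tool
        return [f for f in frames if f not in self.blocked]

class BypassTap:
    def __init__(self, tool, miss_limit=2):
        # miss_limit is an assumption; the article gives no threshold.
        self.tool, self.miss_limit = tool, miss_limit
        self.mode, self.missed, self.powered = Mode.INLINE, 0, True

    def tick(self, packets):
        """One heartbeat interval; returns the packets that reach the far side of the link."""
        if not self.powered:
            self.mode = Mode.FAILSAFE
            return list(packets)
        inline = self.mode is Mode.INLINE
        returned = self.tool.process([HEARTBEAT] + (list(packets) if inline else []))
        if returned is not None and HEARTBEAT in returned:
            self.missed, self.mode = 0, Mode.INLINE  # tool answered: inline from next tick
        else:
            self.missed += 1
            if not inline or self.missed >= self.miss_limit:
                self.mode = Mode.BYPASS
        if not inline:
            return list(packets)  # bypassed traffic is forwarded uninspected
        return [p for p in (returned or []) if p != HEARTBEAT]  # strip heartbeats

def run_scenario():
    """Constructed timeline: tool drops off-line at tick 2 and returns at tick 5."""
    tool = InlineTool(blocked={"malicious"})
    tap, log = BypassTap(tool), []
    for t in range(7):
        tool.online = not (2 <= t < 5)
        # the mode is read before the tick runs, so it is the mode that carried this traffic
        log.append((tap.mode.value, tap.tick(["web", "malicious"])))
    return log
```

In this model the link loses traffic for `miss_limit` intervals before bypass engages, and while bypassed the blocked packet reaches the link uninspected, so bypass events are worth alerting on.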
Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.
Heartbeat packet: a soft detection technology that monitors the health of inline appliances.
Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.