Skip to main content

How does Cyber Criminals Spear Phish you?

How does Cyber Criminals Spear Phish you?

  1. Cyber Criminals will scan thru internet and target business that 
    • Multiple presence globally
    • Have overseas customers
    • Have overseas suppliers
    • Doing regular bank transfer payment
  2. From your website, study your nature of your business
  3. Thru social engineering, ask for the finance/accounts key person's email address 
  4. Thru social media like Facebook, LinkedIn, study how to target the key person. 
  5. From the domain information, the cyber criminal can know whether the user is a Google, Office 365 or Domain Registrar POP/IMAP Mail Hosting  
  6. Obtain the key person email password by directing you to go to the fake website to authenticate identity and password.
  7. After obtaining the mail login credentials, login to webmail and setup 3 forwarding email rules to monitor your activities silently (See Below)
    • Email that has certain keywords in the subject or body like "late payment", "wire transfer", "due payment" and so on (See Below)
      • to identify potential victim 
    • Email sending "TO" certain email address of the potential victim
      • to monitor, analyse and plan for the right time to strike
    • Email receiving "FROM" certain email address of the potential victim
      • to monitor, analyse and plan for the right time to strike
  8. Buy a suitable similiar domain name under a fake identity
  9. Send email phishing to the targeted email address (planning for the next victim)
  10. Send spear phishing (phase 1) to the targeted email address to remind on upcoming payment
  11. Send spear phishing (phase 2) to the targeted email address to follow up on upcoming payment
  12. Send spear phishing (phase 3) to the targeted email address requesting for a change in bank account and to make a bank transfer 
The best way to know whether you are a victim of spear phishing is to check your email rules.

For Office 365 users

  1. In a web browser, sign in to Outlook Web App using the URL provided by the person who manages email for your organization. Enter your user name and password, and then select Sign in.
  2. At the top of the page, select Settings > Options.
  3. In Options, select Organize email > Inbox rules.

For Google users

  1. Login to Gmail
  2. Near the top right, select the Gear Icon and click on "Settings"
  3. Select "Filters and Block addresses"
  4. Go thru the rules





Over the years, cyber criminals have learnt how to monetize their criminal activities. It is so amazingly well structured and highly automated as well.

Are You in High Risk Group?

  • Your domain is using .com or .net
    • .com.sg or .sg are safer as you will need a SingPass to register these domain
  • If your domain has these letters 
    • g → q
    • m → rn (r & n)
    • n → ri (r & i)
    • i → 1 (numeric 1)
    • w → vv (2 v)  
    • d → cl (c & numeric l)
  • Multiple presence globally
  • Have overseas customers
  • Have overseas suppliers
  • Doing regular bank transfer payment
  • Do not have Endpoint Security
  • Do not have secure VPN/2FA
  • Use android phones
  • Do not change password regularly
  • Access webmail on public and friends PC/Notebook
  • Your email might be compromised - You can check here https://haveibeenpwned.com/ 

Comments

Post a Comment

Popular posts from this blog

Mail Flow Topology

It is important to understand the entire mail flow from sender to receiver. It helps to understand the entire mechanics and workings of all the several components that exists in the mail flow topology. The understanding of this will help you to troubleshoot why some email cannot be send or why you cannot receive certain emails. A - User compose a  email using Mail Client. The email is sent from mail client to mail server via SMTP, MAPI or ActiveSync. The Mailbox maintain constant connectivity B - Mail Server check for outgoing mail security rules/policies C - If YES, then check for Internal Mailbox D - Deliver to Mailboxes E - If uncached or new MX Domain record, then query MX from DNS Server F - Sender Mail to Receiver Mail Server via SMTP (25, 2525) or SMTPS (465) or SMTP/TLS (587) G - Received Mail Server check SPF records H - Mail Server check for incoming mail security rules/policies I - Mail Server check for valid user mailbox J - Mail Server deliver to User mailbox
Post a Comment
Read more

How to have the Best Video Conference Meeting Experience?

Better Video/Audio  Good WebCam -  Logitech FHD WebCam , Microsoft LifeCam, Razer Kiyo Good Microphone - Blue Yeti, Samson Go, Razer   Good Headset -  Logitech ,  Plantronics ,  Jabra Good Speakerphone - Jabra , Logitech , Poly (Plantronics) , Yealink Better Position Realign eye level to webcam Better Lighting  Avoid any light source like windows or lamp behind you Observe 3 point Lighting Enable FHD  In Zoom https://support.zoom.us/hc/en-us/articles/207347086-Group-HD Need Business, Enterprise and Education (Pro version can support HD 720p only) Run on i7 processor notebook Enable Group HD Select Full HD (1080P) Need at least  Receiving (Download) 2.5 Mbps   Sending (Upload) 3Mbps  Check here https://www.speedtest.sg In Microsoft Teams Default is FHD 1080p IT Support, IT Company, IT Services Win-Pro Singapore IT Support, IT Company, IT Services Win-Pro Malaysia
Post a Comment
Read more

The Value Of IT Support Service In Running A Successful Business

Managing an IT department in Singapore is just one of one of the most challenging aspects of running an organization. It can be costly and time-consuming especially for small as well as medium-sized enterprises. This is why more and more organizations are selecting to outsource their IT requires to 3rd parties. It’s a choice that is not only less expensive yet additionally enables ventures to focus all their efforts on their core operations. The surge of IT support business is a testimony to their dependability as well as the obvious count on that service put on them   IT Support Singapore . Is IT Support Really Necessary? In today’s technology-driven setting, it’s really crucial for businesses to make certain that their IT needs are fulfilled not just for the business but also for the purpose of their consumers as well. This is specifically true for a very urbanized nation with a tech-savvy population like Singapore. For this reason alone, IT sustain upkeep in Singapore is definitely
Post a Comment
Read more