Skip to main content

How does Cyber Criminals Spear Phish you?

How does Cyber Criminals Spear Phish you?

  1. Cyber Criminals will scan thru internet and target business that 
    • Multiple presence globally
    • Have overseas customers
    • Have overseas suppliers
    • Doing regular bank transfer payment
  2. From your website, study your nature of your business
  3. Thru social engineering, ask for the finance/accounts key person's email address 
  4. Thru social media like Facebook, LinkedIn, study how to target the key person. 
  5. From the domain information, the cyber criminal can know whether the user is a Google, Office 365 or Domain Registrar POP/IMAP Mail Hosting  
  6. Obtain the key person email password by directing you to go to the fake website to authenticate identity and password.
  7. After obtaining the mail login credentials, login to webmail and setup 3 forwarding email rules to monitor your activities silently (See Below)
    • Email that has certain keywords in the subject or body like "late payment", "wire transfer", "due payment" and so on (See Below)
      • to identify potential victim 
    • Email sending "TO" certain email address of the potential victim
      • to monitor, analyse and plan for the right time to strike
    • Email receiving "FROM" certain email address of the potential victim
      • to monitor, analyse and plan for the right time to strike
  8. Buy a suitable similiar domain name under a fake identity
  9. Send email phishing to the targeted email address (planning for the next victim)
  10. Send spear phishing (phase 1) to the targeted email address to remind on upcoming payment
  11. Send spear phishing (phase 2) to the targeted email address to follow up on upcoming payment
  12. Send spear phishing (phase 3) to the targeted email address requesting for a change in bank account and to make a bank transfer 
The best way to know whether you are a victim of spear phishing is to check your email rules.

For Office 365 users

  1. In a web browser, sign in to Outlook Web App using the URL provided by the person who manages email for your organization. Enter your user name and password, and then select Sign in.
  2. At the top of the page, select Settings > Options.
  3. In Options, select Organize email > Inbox rules.

For Google users

  1. Login to Gmail
  2. Near the top right, select the Gear Icon and click on "Settings"
  3. Select "Filters and Block addresses"
  4. Go thru the rules





Over the years, cyber criminals have learnt how to monetize their criminal activities. It is so amazingly well structured and highly automated as well.

Are You in High Risk Group?

  • Your domain is using .com or .net
    • .com.sg or .sg are safer as you will need a SingPass to register these domain
  • If your domain has these letters 
    • g → q
    • m → rn (r & n)
    • n → ri (r & i)
    • i → 1 (numeric 1)
    • w → vv (2 v)  
    • d → cl (c & numeric l)
  • Multiple presence globally
  • Have overseas customers
  • Have overseas suppliers
  • Doing regular bank transfer payment
  • Do not have Endpoint Security
  • Do not have secure VPN/2FA
  • Use android phones
  • Do not change password regularly
  • Access webmail on public and friends PC/Notebook
  • Your email might be compromised - You can check here https://haveibeenpwned.com/ 

Comments

Post a Comment

Popular posts from this blog

Mail Flow Topology

It is important to understand the entire mail flow from sender to receiver. It helps to understand the entire mechanics and workings of all the several components that exists in the mail flow topology. The understanding of this will help you to troubleshoot why some email cannot be send or why you cannot receive certain emails. A - User compose a  email using Mail Client. The email is sent from mail client to mail server via SMTP, MAPI or ActiveSync. The Mailbox maintain constant connectivity B - Mail Server check for outgoing mail security rules/policies C - If YES, then check for Internal Mailbox D - Deliver to Mailboxes E - If uncached or new MX Domain record, then query MX from DNS Server F - Sender Mail to Receiver Mail Server via SMTP (25, 2525) or SMTPS (465) or SMTP/TLS (587) G - Received Mail Server check SPF records H - Mail Server check for incoming mail security rules/policies I - Mail Server check for valid user mailbox J - Mail Server deliver to User mailbox
Post a Comment
Read more

To Phish or To Be Phished

What is Phishing? Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. What is Spear Phishing? Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons. This is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging. The main difference betwen  Phishing  and  Spear Phishing , i
2 comments
Read more

Cloud Sync let you sync your Data from NAS to Cloud Storage

Cloud Sync let you sync your Data from NAS to Cloud Storage Cloud Sync  Cloud Sync integrates the advantages of public cloud and private cloud, enabling you to effortlessly connect your Synology NAS to public cloud services, such as Amazon Drive, BackBlaze B2, Dropbox, Google Cloud Storage, Microsoft Azure, OpenStack Swift, and more. Seamless synchronization between private and public clouds Cloud Sync enables you to seamlessly connect your local Synology NAS to public cloud services or on-premise storage through Amazon S3 API, OpenStack Swift, or WebDAV protocols. With Cloud Sync, you can enhance the collaboration when accessing between your local NAS and other remote cloud services, and can efficiently and easily back up data from or to public clouds. With Cloud Sync, you can seamlessly sync and share files among your Synology NAS and multiple public cloud services, including: Alibaba Cloud Object Storage Service (OSS) Amazon Drive (end of support as of November 1, 2020) Amazon S3 co
Post a Comment
Read more