Yesterday we reported how people in the UK experience, on average, 8,000 phishing attacks a month, and now we have more information on the techniques and processes cyber-criminals use when phishing.
According to a report by Computing, cyber-criminals love using LinkedIn as a 'front door' for both phishing and whaling attacks.
LinkedIn is a business social network that currently has more than 400 million users worldwide. Cyber-criminals are using it to approach potential targets and 'soften them up', before actually sending any malware.
Phishing is a fairly broad term for a technique in which crooks send potential victims bait via email, such as a notice that one of their accounts is being revoked or that they owe a debt somewhere, all to get them to click on whatever is attached.
Attachments are sometimes malware or ransomware, and sometimes links leading to a fake but legitimate-looking website where the victim is asked to log in and, preferably, submit personal information (in the ideal situation for crooks, credit card info).
Whaling is pretty much the same thing, except the targets are mostly corporations.
Speaking to Computing, IT director at law firm BLM, Abby Ewen, shared her experience of a ‘determined’ phishing attack:
"We have had both via an email and telephone an attempt to extort money by someone purporting to be the CFO. It was intercepted both times because we have some very vigilant people trained to spot things that don't look right. We had one this week, a scam email passed to me by a partner, and the person who sent [the scam mail] had connected with the partner on LinkedIn prior to sending the email.
"LinkedIn was used as the front door into the scam," she said.