Example 1: Hook, Line, and Phished
True Story: One afternoon, an accountant in an organization received an email from an individual claiming to have paid a late invoice. All the accountant needed to do to claim the payment was to click a link and provide their email credentials, which they did. Yep, they had been phished. Once the attacker got their hands on those email credentials, they logged into the accountant's mailbox and studied the organization's wire transfer approval process by searching through emails. The attacker then used previously sent invoices and forms to fabricate an approval email chain, which they sent to the wire transfers department. Suffice it to say, the attacker walked away with a lucrative sum of money. Read the full story here, page 16.
Moral of the Story:
- Email is a goldmine of information and at the center of authentication in any organization. Once those credentials are stolen, the sky’s the limit for attackers.
- Require/use MFA wherever possible. If MFA had been required on email in the story above, this incident could have been prevented.
- If you read the full story, you'll find out that the organization relied heavily on tools to block fishy URLs on the corporate network. However, the accountant was on their home network when they received the phishing email, and consequently out of reach of the URL blocking tools. When those tools aren't in the path, your employees are the last line of defense against an attacker. That's why employee education is just as important as security technology.