What is next on the Phishing Front? It is AI-Powered Spear
Phishing.
How will hackers use machine learning to sharpen the
spear?
For hackers, spear phishing has always been a tradeoff. But
that’s coming to an end. Artificial intelligence will enable the creation of
large volumes of targeted messages meant to steal user credentials.
What is phishing?
Sending emails, text messages, and other communications that
trick users into clicking on a malicious link, often with the end goal of obtaining
the user’s ID and password and, in some cases, locking the system and releasing it for
a ransom.
What is spear phishing?
Similar to phishing, except the messages are much more
targeted, increasing the chances of the user falling for the attack.
How Do Hackers Spear Phish?
- Gather information about the target, both online
and offline. In many cases, the hackers gather information about
you, your colleagues and your boss.
- Craft a high-quality, personalized message based on the
above information, which makes it look genuine.
- Send the message with a link to malicious software.
- Let the linked software/website steal the user's
credentials.
Spear phishing is a bit laborious for the hackers, but it
has a higher success rate than normal phishing, which is
like throwing a dart in the dark. Gathering information is
time-intensive. AI helps the hackers with this by gathering information
from:
- Personal information such as work relationships, as
shared by users or available in the public domain.
- Events and planned activities shared on social media
platforms.
- Tone of communication on social media platforms.
With all of this, the content is fabricated to convey a
need and a sense of urgency, to which the victim falls prey.
With security servers in place, only around 15% of messages are delivered to your mailboxes as clean. The remaining 85% (potential spam, mail
from potentially unsafe domains, etc.) is blocked at the messaging gateway.
Even among the 15% of so-called clean messages, quite a lot of spam sneaks in. The fact is that
hackers are always one step ahead of the security mechanisms.
How to be careful?
- Check what you share on social media
platforms. Don’t share any personal or specific information which
the hacker can use to dig up more info and come back to you with.
- Do not share company information with anyone whom you
don’t know, such as market surveyors, telecallers, etc.
- Resist the urge to click on a link that is shared
with you by mail/SMS/WhatsApp.
- Question unknown messages you receive.
Lastly, in case of any doubt, don’t act… get in touch with your cyber expert.