Spear-phishing is an attempt by a hacker to obtain confidential information about a user through fraudulent means by targeting a specific employee in order to gain access to information. While phishers are usually attempting to steal from the victim, spear phishers attempt to compromise the victim’s company’s network and systems to steal corporate secrets, intellectual property, customer details and other valuable information. “Spear phishers play on people’s emotions, and often use curiosity, fear or the offer of a reward to arouse interest,” says Scott Greaux, a VP at anti-spear phishing training firm Phishme by use of email. Spear phishing uses the weakest point in security and that is us (people) as Bruce Schneier states “People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.” by use of social engineering to deceit, manipulate and “influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail.” ~ Kevin Mitnick. Fig. I – Spear Phising Continue reading Spear Phishing – Simple, very effective and most prevalent social engineering hacking technique
The world has become a digital village and each one of us has got various computing devices at their disposal (Mobile phones, Personal Computers, Laptops, and tablets). Operate myriads of social media accounts (Facebook, LinkedIn, yahoo, Gmail and many more). The common denominator for all of them is the ‘PASSWORD’. Oxford online dictionary password defines password as “A secret word or phrase that must be used to gain admission to a place” (Oxford Dictionary, 2014).