Skip to main content

How does Cyber Criminals Spear Phish you?

  1. Cyber Criminals will scan thru internet and target business that 
    • Multiple presence globally
    • Have overseas customers
    • Have overseas suppliers
    • Doing regular bank transfer payment
  2. From your website, study your nature of your business
  3. Thru social engineering, ask for the finance/accounts key person's email address 
  4. Thru social media like Facebook, LinkedIn, study how to target the key person. 
  5. From the domain information, the cyber criminal can know whether the user is a Google, Office 365 or Domain Registrar POP/IMAP Mail Hosting  
  6. Obtain the key person email password by directing you to go to the fake website to authenticate identity and password.
  7. After obtaining the mail login credentials, login to webmail and setup 3 forwarding email rules to monitor your activities silently (See Below)
    • Email that has certain keywords in the subject or body like "late payment", "wire transfer", "due payment" and so on (See Below)
      • to identify potential victim 
    • Email sending "TO" certain email address of the potential victim
      • to monitor, analyse and plan for the right time to strike
    • Email receiving "FROM" certain email address of the potential victim
      • to monitor, analyse and plan for the right time to strike
  8. Buy a suitable similiar domain name under a fake identity
  9. Send email phishing to the targeted email address (planning for the next victim)
  10. Send spear phishing (phase 1) to the targeted email address to remind on upcoming payment
  11. Send spear phishing (phase 2) to the targeted email address to follow up on upcoming payment
  12. Send spear phishing (phase 3) to the targeted email address requesting for a change in bank account and to make a bank transfer 
The best way to know whether you are a victim of spear phishing is to check your email rules.

For Office 365 users

  1. In a web browser, sign in to Outlook Web App using the URL provided by the person who manages email for your organization. Enter your user name and password, and then select Sign in.
  2. At the top of the page, select Settings > Options.
  3. In Options, select Organize email > Inbox rules.

For Google users

  1. Login to Gmail
  2. Near the top right, select the Gear Icon and click on "Settings"
  3. Select "Filters and Block addresses"
  4. Go thru the rules





Over the years, cyber criminals have learnt how to monetize their criminal activities. It is so amazingly well structured and highly automated as well.

Are You in High Risk Group?

  • Your domain is using .com or .net
    • .com.sg or .sg are safer as you will need a SingPass to register these domain
  • If your domain has these letters 
    • g → q
    • m → rn (r & n)
    • n → ri (r & i)
    • i → 1 (numeric 1)
    • w → vv (2 v)  
    • d → cl (c & numeric l)
  • Multiple presence globally
  • Have overseas customers
  • Have overseas suppliers
  • Doing regular bank transfer payment
  • Do not have Endpoint Security
  • Do not have secure VPN/2FA
  • Use android phones
  • Do not change password regularly
  • Access webmail on public and friends PC/Notebook
  • Your email might be compromised - You can check here https://haveibeenpwned.com/ 

Comments

Popular posts from this blog

The Internet allows businesses of all sizes and from any location to reach new and larger markets and provides opportunities to work more efficiently by using computer-based tools. Whether a company is thinking of adopting cloud computing or just using email and maintaining a website, cybersecurity should be a part of the plan. Theft of digital information has become the most commonly reported fraud, surpassing physical theft. Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence. SME Cyber Security Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats. To know more CyberSecurity  https://www.winpro.com.sg/it-security/ IT Support, IT Company, IT Services Win-P...
What is Phishing? Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. What is Spear Phishing? Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons. This is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging. The main difference betwen  Phishing  and  Spea...
What is antivirus software? Antivirus is software purpose-built to detect and destroy threats like viruses, malware, ransomware, spyware and others. It helps protect your computer against malware and cyber criminals. Antivirus software looks at data — web pages, files, software, applications — traveling over the network to your devices. It searches for known threats and monitors the behavior of all programs, flagging suspicious behavior. It seeks to block or remove malware as quickly as possible. What is antivirus software designed to do? Antivirus software is a program or umbrella of programs whose purpose is to scan for and eradicate computer viruses and other malicious software, also known as malware. Antivirus software is a vital component of your overall online and computer security strategy in its protection against data and security breaches along with other threats. A computer virus is similar to a cold virus. It’s designed to go from one computer or device to the next, copying...