The hook is a malicious website designed to look and feel like a legitimate website. The authentic-looking website asks the victim to disclose privacy-related information, such as user identification and password. Often the hook is an obfuscated URL that closely resembles one the victim would trust but actually points to a site under the attacker's control.
The lure is an enticement delivered through email. The email contains a message encouraging the recipient to follow an included hypertext link. The visible hyperlink text often masks a spoofed uniform resource locator (URL) of a legitimate website, so the address the recipient sees is not the address the link actually opens.
The catch is when the originator of the phishing message uses the information collected from the hook to masquerade as the victim and conduct illegal financial transactions.
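The lure described above relies on a hyperlink whose visible text names a trusted site while the underlying target points to the attacker's hook. The following added example (not from the original awareness material) shows one defensive check a mail gateway or user-side tool can apply: parse the HTML body, and flag any anchor whose displayed text looks like a URL on one host but whose href goes to a different host. The sample message body and all domain names in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a lure's HTML body (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Your mailbox quota is exceeded. Please <a href="http://login.mail-portal-secure.example.net/reset">
https://webmail.example.mil/reset</a> within 24 hours.</p>
<p>Questions? Visit <a href="https://help.example.mil/faq">help.example.mil/faq</a>
or <a href="http://login.mail-portal-secure.example.net/help">click here</a>.</p>
"""

# Matches text that reads like a URL or bare domain (scheme optional, path optional).
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def _host(text):
    """Lowercase hostname named by a URL or bare domain string; None if not URL-like."""
    text = text.strip()
    if not URL_LIKE.fullmatch(text):
        return None
    if "://" not in text:
        text = "http://" + text
    host = urlsplit(text).hostname
    return host.lower() if host else None

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def find_masked_links(html):
    """Return (href, shown_host, actual_host) for links whose visible text names another host."""
    collector = _LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        shown, actual = _host(text), _host(href)
        # Plain text such as "click here" yields no shown host and is not flagged here.
        if shown and actual and shown != actual:
            flagged.append((href, shown, actual))
    return flagged
```

Links whose visible text is not a URL ("click here") are not caught by this host comparison and still require the reader to hover over or inspect the link before clicking.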
Today, more than ever, spear phishing attacks are focusing on national security targets and our federal users. For this reason, it is important to understand how to identify a phishing email and what steps to take to prevent identity theft, unauthorized system access, or mission compromise.
Remember to . . .
STOP, THINK, before you CLICK!
In 2010, during a joint military exercise sponsored by a functional Combatant Command, a service Red Team (as part of its exercise pre-positioning phase) identified 190 potential targets (first name, last name, and military rank). The Red Team deduced, selected, and targeted 7 user e-mail accounts with 1 phishing email. The phishing e-mail was neither digitally signed nor encrypted and contained malicious code attached to a Microsoft Excel file. 2 of the 7 targeted users clicked on the phishing email.
This set off a spiral of events that allowed the Red Team to establish connections, steal files, capture data, and remotely execute commands of their choosing. The Red Team eventually achieved Domain Admin privileges over more than 6,800 user accounts, 5,400 computer accounts, and all associated password hashes. The detrimental impact on the technical and operational capabilities of the organization to perform its mission was high (high impact to the confidentiality and integrity of information systems and networks).