Why Spear-Phishing Hacks Are So Successful

Exploiting poor security. Tracking with spyware. Creating fake employees. It's all about information gathering.

By now, many healthcare employees know they should not click on unsolicited links or emails, or go to a web site without exercising caution. However, security is not their full-time job. They’re not constantly and closely scrutinizing email for threats, so it’s no wonder that some threats get through.

That’s what spear-phishing hackers are counting on. When a solicitation for information is made by an email recipient and received back by the hackers, that’s when information gathering on the target starts, says Paul Everton, founder of anti-spy mail company MailControl.

Hackers treat information gathering like the CIA does, he notes, gathering enough intelligence on an organization to understand what data it has, who talks to who in the organization, who approves payment or data transfers, and who the organization’s partners are. “The more information leaking out about how you do business and who you do business with makes this possible,” Everton contends.

Most healthcare providers do not know that about 60 percent of all emails are tracked with spyware, which is an email extension that relays user habits such as when and where an email was opened, what links were clicked, and everyone who had the email forwarded to them, according to Everton.

Once the homework is done, a hacker can call a target, posing as another employee, and ask for an invoice for a particular contractor that has a relationship with the healthcare organization, because the hacker found the contractor on the organization’s web site.

Or, a hacker can send an email to an employee with a tracking code and get the employee to send the mail to the organization’s accounting firm. Then, the hacker can email the firm, identify himself and his company, and ask for the company’s customer list, giving a similar company email address that is really going back to the hacker.

Consequently, nothing seems unusual when the fake employee—sending an email under a legitimate employee name and acting in the normal course of business—then says, “We need to pay this vendor $100,000; here’s the account to be approved and here’s where the payment goes.”

The bottom line, it’s all about the information gathering first, Everton says.

Information-Management

 

« New Cyber Tricks Make ISIS Sophisticated
Staff Training 'Not enough to stop most data breaches' »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Nuix

Nuix

Nuix specialise in extracting knowledge from unstructured data. Applications include Digital Forensics, Cybersecurity Intelligence, Information Governance, eDiscovery.

CERT-AM

CERT-AM

CERT-AM is the national Computer Emergency Response Team for Armenia.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

Pipeline Security

Pipeline Security

Pipeline Security protects businesses with real-time threat data, threat detection & prevention, continuous cyber security monitoring and security analytics.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

NPCERT

NPCERT

NPCERT is a team of Information Security experts formed to address the urgent need for the protection of national information and growing cybersecurity threat in Nepal.

Sirti

Sirti

Sirti is Italy's leading technology company in the design and production of network infrastructures and telecoms system integration.

Cloud Native Computing Foundation (CNCF)

Cloud Native Computing Foundation (CNCF)

CNCF seeks to drive adoption of cloud native technologies by fostering and sustaining an ecosystem of open source, vendor-neutral projects.