Horay ayaad wax uga ogeyd Phish^(Phishing) -ka: habka loo dhigo xoogaa sed ah oo la sugo qof si uu u shaaciyo xogtiisa gaarka ah. Phishing waxa ay ku timaadaa dhadhano badan sida  Spear^{(Spear Phishing)} phishing , Tabnabbing , Nibiriga^(Tabjacking) , Tabjacking^(Whaling) , iyo Vishing and Smishing. Laakiin weli waxaa jira nooc kale, kaas oo ah Spear Phishing .

Waxaa laga yaabaa inaad horey ula kulantay Spear Phishing^{(Spear Phishing)} . Markaad isticmaalayso farsamadan, dambiilayaasha internetka ayaa fariin kuu soo diraya cid aad taqaanid. Fariinta ayaa ku weydiinaysa macluumaadkaaga shakhsiyeed iyo midka maaliyadeed. Mar haddii ay u muuqato inay ka timid cid la yaqaan, kaliya waxaad ku jawaabtaa fikir labaad la'aan.

Waa maxay Spear phishing

Spear Phishing waa hab ay dambiilayaasha internetka u adeegsadaan farsamo la bartilmaameedsaday si ay kuugu khiyaaneeyaan inaad rumaysato inaad email sharci ah ka heshay cid la yaqaan, oo ku weydiinaysa macluumaadkaaga. Hay'addu waxay noqon kartaa qof ama urur kasta oo aad la macaamilayso.

Way fududahay in laga dhigo mid asal ah. Dadku waa inay iibsadaan xayndaab laxidhiidha oo ay isticmaalaan domain-hoosaad u eg ururka aad taqaan. Waxay kaloo u ekaan kartaa aqoonsiga iimaylka ee qofka aad taqaan. Tusaale ahaan, something.com waxay yeelan kartaa subdomain magaciisu yahay paypal.something.com . Tani waxay u oggolaanaysaa inay abuuraan aqoonsi iimaylka ah oo taga [email protected] . Tani waxay si qurux badan ula mid tahay aqoonsiga^(IDs) iimaylka ee la xidhiidha PayPal .

Inta badan, dambiilayaasha internetka ayaa isha ku haya dhaqdhaqaaqaaga internetka^(Internet) , gaar ahaan warbaahinta bulshada. Marka ay wax macluumaad ah kaaga helaan shabakad kasta, waxay heli doonaan fursad ay macluumaadka kaa soo saaraan.

Tusaale ahaan, waxaad soo dhejisaa cusbooneysiin adoo sheegaya inaad telefoon ka soo iibsatay Amazon goob kasta oo xiriir bulsho. Kadib waxa aad imayl ka helaysaa Amazon oo sheegaya in kaadhkaga la xannibay oo aad u baahan tahay in aad xaqiijiso akoonkaaga ka hor inta aanad wax soo iibsan. Maadaama aqoonsiga iimaylka uu u eg yahay Amazon , waxaad si diyaar ah u siinaysaa macluumaadka ay ku weydiiyaan.

Si kale haddii loo dhigo, Spear phishing waxa uu beegsaday Phishing^{(Spear Phishing has targetted Phishing)} . Aqoonsiga^(IDs) iimaylka iyo fariimaha adiga ayaa lagu gaaryeelay - iyadoo lagu salaynayo macluumaadka laga heli karo internetka^(Internet) adiga.

Tusaalooyinka Spear phishing

In kasta oo phishing ay tahay shay maalinle ah oo qaar badan oo ka mid ah ay yaqaaniin si ku filan si loo ilaaliyo, qaar weli way ku dhacaan.

Mid ka mid ah tusaalooyinka phishing-ka waran ugu wanaagsan uguna caansan waa habka loo beegsaday cutubka RSA ee ^(RSA)EMC . RSA waxay mas'uul ka ahayd amniga internetka ee EMC . Dembiilayaasha internetka waxay soo direen laba iimayl, mid walbana wata faylka EXCEL oo uu ku jiro ^(EXCEL)MACRO firfircoon . Cinwaanka emailka ayaa lagu sheegay inuu yahay Qorshe Shaqaalaysi^{(Recruitment Plan)} . In kasta oo labada emailba lagu shaandheeyay faylalka junk^{(Junk Folders)} ee shaqaalaha, mid ka mid ah shaqaalaha ayaa ogaaday oo soo celiyay. Markii la furay, MACRO waxay u furtay albaab dambe oo loogu talagalay dadka soo diray emailka. Kadib waxay awoodeen inay soo iibiyaan shahaadooyinka shaqaalaha. Inkastoo ay tahay shirkad ammaan, haddii RSAwaa la khiyaami karaa, qiyaas nolosha isticmaalayaasha internetka^(Internet) ee aan laga shakin .

Tusaal kale oo ku saabsan shirkadda amniga internetka, waxaa jiray iimaylo ka yimid dhinacyo saddexaad oo ku khiyaameeyay maamulayaasha inay rumaystaan ​​inay shaqaalahoodu tahay inay faahfaahin weydiiyaan. Markii dambiilayaasha internetka ay heleen macluumaadka iyaga oo iska dhigaya shaqaale ahaan email ahaan, waxay awoodeen inay lacag ka helaan shirkadda oo lagu wareejiyo akoonnada dembiilayaasha ee xeebaha. Waxaa la sheegay in Ubiquity ay lumisay in ka badan $47 milyan oo doolar khiyaanada waranka-fiishka awgeed.

Khiyaamooyinka Whaling^(Whaling) & Spear phishing ayaa soo ifbaxaya arrimo amniga internetka ah. Waxaa jira farqi dhuuban oo u dhexeeya labada. Spear Phishing wuxuu bartilmaameedsadaa koox dad ah - sida iimaylka bartilmaameedka u ah shaqaalaha shirkadda, macaamiisha shirkadda, ama xitaa qof gaar ah. Khayaanada ^(Scams)Whaling waxay caadi ahaan beegsataa maamulayaasha heerka sare ah.

Ilaalinta phishing-ka

Had iyo jeer xasuusnoow in aysan jirin shirkad e-commerce ku weydiin doonta macluumaadkaaga gaarka ah iimaylka ama taleefanka. Haddii aad hesho fariin nooc kasta ah oo ku weydiinaysa tafaasiisha aanad ku qanacsanayn la wadaaga, tixgeli inay tahay isku day waran-phishing oo si toos ah u jar. Iska daa iimaylka^(Ignore) , fariimaha oo kale demi wicitaanada noocaan ah. Waxaad ka xaqiijin kartaa ururka ama qofka ka hor inta aanad ka jawaabin mustaqbalka.

Hababka kale ee ilaalinta Spear phishing , waa in la wadaago oo keliya inta looga baahan yahay shabakadaha xidhiidhka bulshada. Waxaad odhan kartaa waa sawirka taleefankaaga cusub oo dheji halkii aad ku dari lahayd inaad ka soo iibsatay ururka XYZ - taariikh cayiman.

Waa inaad barataa sida loo garto weerarrada^{(identify Phishing Attacks)} phishing-ka si aad wax badan uga ogaato ilaalinta phishingka guud ahaan. Asal ahaan^(Basically) , waa inaad haysataa software ammaan oo wanaagsan oo si fiican u shaandhaysa iimaylkaaga. Waxaad ku dari kartaa caddaynta iimaylka iyo sirta macaamiisha iimaylka ee aad isticmaashid si aad si fiican u ilaaliso. Qaar badan^(Many) oo ka mid ah isku dayga-fishing-ka ayaa laga yaabaa in lagu qabto barnaamijyada shahaado-akhrinta oo lagu dhex dhisay ama lagu rakibay macmiilka iimaylka.

Stay safe, stay sharp when online!

What is Spear Phishing? Explanation, Examples, Protection

Υou already know about Phishing: the process of putting in some bait and waiting for someone to divulge his/her personal information. Phishing comes in many flavors like Spear Phishing, Tabnabbing, Whaling, Tabjacking, and Vishing and Smishing. But there is yet another type, and that is Spear Phishing.

You may have already come across Spear Phishing. When using this technique, cybercriminals send you a message from an entity that you know. The message asks you for your personal and financial information. Since it appears to originate from a known entity, you just reply without a second thought.

What is Spear Phishing

Spear Phishing is a method where cybercriminals use a targetted technique to dupe you into believing that you received a legitimate email from a known entity, asking you for your information. The entity can be a person or any organization that you deal with.

It is easy to make it look original. People just have to purchase a related domain and use a subdomain that looks like the organization you know. It can also look like the email ID of a person you know. For example, something.com can have a subdomain named paypal.something.com. This allows them to create an email ID that goes [email protected]. This looks pretty identical to email IDs related to PayPal.

In most cases, cybercriminals keep an eye on your activities on the Internet, especially on social media. When they get any information from you on any website, they’ll grab the opportunity to extract information from you.

For example, you post an update saying you bought a phone from Amazon on any social networking site. Then you receive an email from Amazon saying your card is blocked and that you need to verify your account before making any more purchases. Since the email ID looks like Amazon, you readily give away the information they ask.

In other words, Spear Phishing has targetted Phishing. The email IDs and messages are personalized for you – based on information available on the Internet about you.

Spear Phishing Examples

While phishing is a daily thing and many are familiar with it enough to stay protected, some still fall prey to it.

One of the best and popular spear phishing examples is the way RSA unit of EMC was targeted. RSA was responsible for the cybersecurity of EMC. The cybercriminals sent two emails, each with an EXCEL file containing an active MACRO. The title of the email was said to be Recruitment Plan. While both the emails were filtered into the Junk Folders of employees, one of the employees got curious and retrieved it. When opened, the MACRO opened a backdoor for the people who sent the email. They were then able to procure the credentials of employees. Despite being a security firm, if RSA could get tricked, imagine the life of unsuspecting regular Internet users.

In yet another example concerning a cybersecurity firm, there were emails from third parties that tricked managers into believing that it was their employees asking for details. When the cybercriminals got the information by posing as employees over email, they were able to get money transferred from the company to criminals’ offshore accounts. It is said that Ubiquity lost over $47 million due to the spear-phishing scam.

Whaling & Spear Phishing scams are emerging cyber-security issues. There is a thin line of difference between the two. Spear Phishing targets a group of people – like an email that targets employees of a company, customers of a company, or even a specific person. Whaling Scams typically targets high-level executives.

Spear Phishing protection

Always remember that no e-commerce company will ask you for your personal information via email or phone. If you receive any message in any form asking you for details that you don’t feel comfortable sharing, consider it a spear-phishing attempt and cut it off directly. Ignore such emails, messages and switch off such calls. You can confirm with the organization or person before responding in the future.

Among other Spear Phishing protection methods, is to share only as much as is needed on social networking sites. You can say it is a photo of your new phone and post it instead of adding you bought it from XYZ organization – on a certain date.

You have to learn to identify Phishing Attacks to know more about protection from phishing in general. Basically, you should have good security software that filters your email well. You can add email certifications and encryptions to the email clients that you use so that you are better protected. Many of the spear-phishing attempts may get caught with certificate-reading programs built into or installed to the email client.

Stay safe, stay sharp when online!

Related posts

• Madaxbanaanida Dijital ah - Qeexid, Macnaha, Tusaalooyinka iyo Sharaxaad

• Kaabayaasha Adeeg ahaan - Qeexid, Sharaxaada iyo Tusaalooyinka

• Weerarada Ransomware, Qeexid, Tusaalayaal, Ilaalinta, Bixinta

• Sidee Looga Fogaadaa Khayaanada Khiyaamada iyo Weerarada?

• Noocyada Phishing-Sheet-qiyamka iyo Waxyaabaha aad u baahan tahay inaad ogaato

• Waa maxay Domains Parked iyo Doomaha Qulqulka?

• Ilaalinta Ilaha Windows ma bilaabi karto adeegga dayactirka

• CSS Exfil Ilaalinta biraawsarka kordhinta waxay bixisaa CSS Exfil weerar nuglaanta

• Sida loo dejiyo Ilaalinta Folderka ee kootada OneDrive

• Waa maxay Google Advanced Protection Program?

• Waa maxay liiska cad ee BIOS? Sharaxaada iyo ka saarida.

• Daar oo ku habbee Ilaalinta Ransomware ee Difaaca Windows

• Waa maxay astaanta Ilaalinta Tamper ee gudaha Windows 11/10

• Adeegga Platform Ilaalinta Software Sppsvc.exe taasoo keenaysa isticmaalka CPU sare

• Nabadgelyada qof walba - Dib u eeg Ilaalinta Guud ee McAfee

• Qeexida Weerar ku buufida Password-ka iyo Difaaca naftaada

• Xatooyada Aqoonsiga onlaynka ah: Talooyin ka hortag iyo ilaalin

• Waa maxay Ilaalinta Xisaabaadka ee Windows 11/10 iyo sida loo qariyo qaybtan

• Fayraska COVID-19 phishing, khayaanada, khiyaanada iyo qorshayaasha

• Ciwaanka shaqadu waxa uu sababay Cilad Ilaalinta - Cilad Daabacaad