www.eridiumdriver.com
135.181.34.149  Public Scan

Submitted URL: https://www.eridiumdriver.com/i067uvppx8iukq0b
Effective URL: https://www.eridiumdriver.com/awareness/v/i067uvppx8iukq0b/index.html
Submission: On January 26 via manual from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


DON'T GET HOOKED

HOW TO RECOGNIZE AND AVOID PHISHING ATTACKS


WHAT IS PHISHING?

THE GO-TO SOCIAL ENGINEERING STRATEGY

Phishing (pronounced like fishing) is a form of social engineering that uses
email or malicious websites (among other channels) to solicit personal
information from an individual or company by posing as a trustworthy
organization or entity. Phishing attacks often use email as a vehicle, sending
email messages to users that appear to be from an institution or company that
the individual conducts business with, such as a banking or financial
institution, or a web service through which the individual has an account. The
goal of a phishing attempt is to trick the recipient into taking the attacker’s
desired action, such as providing login credentials or executing a malicious
file.




PHISHING ATTACK METHODS

MASS-SCALE PHISHING

An attack where fraudsters cast a wide net of attacks that aren't highly
targeted.

Mass phishing is the most common form of phishing: there are no specific
targets, and the fraudulent message is usually sent to a myriad of people.
No information gathering is necessary for the phishing attempt, because the
cyber-criminal disguises the message as coming from an entity used by many
people.

SPEAR PHISHING

Tailored to a specific victim or group of victims using personal details.

Spear-phishing is referred to as “the main email attachment threat”. A common
way of tricking targets in spear-phishing is to disguise a malicious
attachment, of a file type the victim would not otherwise open, as a corporate
document with a popular file extension used for various documents.

Furthermore, in spear-phishing, perpetrators often disguise their messages as
coming from within the entity they wish to penetrate, which is also where the
target works. In mass phishing, by contrast, they impersonate a global and/or
popular brand of which the victim may or may not be a customer, and they do not
wish to infiltrate the brand they impersonate.

WHALING

Specialized type of spear phishing that targets a "big" victim within a company.

Whaling is a type of fraud that targets high-profile end users such as C-level
corporate executives, politicians and celebrities.

As with any phishing endeavor, the goal of whaling is to trick someone into
disclosing personal or corporate information through social engineering, email
spoofing and content spoofing efforts. The attacker may send his target an email
that appears as if it's from a trusted source or lure the target to a website
that has been created especially for the attack. Whaling emails and websites are
highly customized and personalized, often incorporating the target's name, job
title or other relevant information gleaned from a variety of sources.


KEEP YOUR EYES OPEN FOR ALL FORMS OF PHISHING ATTACKS!


EMAIL PHISHING

Fraudsters send phony emails that appear to come from valid sources in an
attempt to trick users into revealing personal and financial information.


WHAT TO LOOK FOR?

From: Easy Pay Support
To: ap@yourcompany.com
CC:
Subject: Please pay overdue toll
Attachment: E-pass 0000319.zip

Notice to Appear,

You have not paid for driving on a toll road
and the fee past due

The copy of the invoice is attached to this email.

Best Regards,
John Doe,
Easypass Agent.

 * Impersonalized Messages
 * Scare Tactics
 * Imitating a Known Brand
 * Sender Name and Domain Spoof Known Brand
 * Compressed Attachments


HIGHLY PERSONALIZED MESSAGES

Unlike mass phishing emails, spear phishing messages are highly personalized
and will often reference coworkers' or friends' names.




 * To : jsmith@bigbank.com
 * Subject : Urgent Notice
 * Dear James,
   We were contracted by your HR Director, Anne Wallece.


EMBEDDED MALICIOUS FILES

Common file attachments (.doc, .xls, .ppt, etc.) can contain malicious macros.

 * Security warning
 * Macros have been disabled.
 * Enable content





SPOOFED LINKS

Spoofed link text can hide a hyperlink's actual destination, which leads to a
spoofed website.



 * To : jsmith@bigbank.com
 * Subject : Urgent Notice

 * www.bigbank.com




SPOOFED WEBSITES

Links to spoofed versions of well-known websites can look legitimate to the
untrained eye. They are used to steal info submitted via forms and/or distribute
malware to visitors.



https://www.bankofannerica.com

 * Secure Sign In
 * Banking
 * credit cards




VISHING

Short for "voice phishing," vishing is when fraudsters ("vishers") use the
telephone to solicit unsuspecting victims for financial or personal details.


WHAT TO LOOK FOR?


PERSONAL DATA

It can be gathered from social media profiles, providing criminals with
sensitive details to make attacks seem more legitimate.




FEAR TACTICS

Vishers use fear tactics to con you into thinking your money is in danger and
you must act quickly.




PERSUASIVE PHONE TACTICS

Their tactics are "too good to be true" and are a dead giveaway of criminal
activity.

Phoenix, AZ 555-555-5555

Scammers often alter phone numbers/IDs to disguise the real origin of the call.


VISHERS ARE POSING AS IRS AGENTS

THREATENING PARTIES WITH ARREST, DEPORTATION, LICENSE REVOCATION, ETC.

IRS REPORTS FROM JANUARY 2016 SHOW THAT SINCE OCTOBER 2013:

896,000 people have been solicited by scammers claiming to be IRS officials.

5000 victims have collectively paid over $26.5 million.


SMISHING

SMS messaging attacks where fraudsters send phony texts in an attempt to con you
into divulging private information or infecting your phone with malware.


WHAT TO LOOK FOR?


'5000' OR OTHER NON-CELL NUMBERS



are most likely scammers masking their identity by using email-to-text services.

5000
Dear Walmart shopper, Congratulations! You have just won a $1000 Walmart Gift
Card. Click here to claim your gift.

www.wmartlick.com



(cancel: reply STOP)

(405) 777-0909
Notice: this is an automated message from Miami University Community Federal
Credit Union. Your ATM card XXX4 0505 has been suspended. Click this link to
reactivate: bitly.ru/ar f4qwpr zf3290



Smishers are most likely scammers masking their identity by using email-to-text
services, unknown numbers or unsolicited messages.

Smishers may use the first few digits of your debit/credit card to pressure a
response.



BANKS, FINANCIAL INSTITUTIONS, SOCIAL MEDIA PLATFORMS, AND OTHER BUSINESS
ACCOUNTS SHOULD BE CONTACTED DIRECTLY TO DETERMINE IF THEY SENT YOU A LEGITIMATE
SMS REQUEST.

SMISHERS HAVE EVEN SPOOFED THE TWO-FACTOR AUTHENTICATION FOR GMAIL, HOTMAIL, AND
YAHOO MAIL

Authentication systems were breached by "smishers" who conned users into
resetting their passwords in order to gain access to victims' email accounts.

 1. An attacker secures a victim's email address / phone number from public
    sources.
 2. The attacker poses as the victim and asks Google for a password reset.
 3. Google sends a reset code to the victim.
 4. The smisher texts victim with fraudulent message: "Google has detected
    unusual activity on your account. Please respond with the code sent to
    your mobile device immediately."
 5. The victim sends the password verification code to the smisher, thinking
    that the request came from Google.
 6. The attacker uses the code to reset the victim's password and take control
    of their account.


SOCIAL MEDIA PHISHING

CYBER CRIMINALS USE SOCIAL MEDIA AS A CHANNEL TO CARRY OUT PHISHING ATTACKS
AIMED AT STEALING PERSONAL INFORMATION OR SPREADING MALWARE. SOME ATTACKS ARE
EVEN USED TO HIJACK YOUR ACCOUNTS AND LAUNCH FOLLOW-UP ATTACKS ON YOUR
CONNECTIONS OR FOLLOWERS.


WHAT TO LOOK FOR?

PLAY-PRETEND

Scammers create a replica account and inform the victim's friends/followers
that the previous account was abandoned. Messages are then sent to the victim's
friends asking the recipient to click on a link with the aim of collecting
personal data, e.g., credit/debit card numbers.

BOGUS POSTS

Social network feeds can contain bogus posts that trick users into clicking on a
link and providing personal info.

SOCIAL MEDIA MALWARE

Scammers can pose as a friend/follower and send messages with links to sites
that are infected with malware. Even messages from known friends and followers
may include links to sites that have been hacked.

 * Ray Thomas, 30 mins: Decided to make a new account
 * Ray Thomas, 30 mins: Hey! check this out,i cant’t believe they got this
   picture of you!!! bitly.xyz/345Fw041
 * Ray Thomas: Hey Joe!, You should sign up for this free giveway.
   http://bitly.xyz/345Fw041
 * Admin: Hey Joe!,We notice a security thread on your account. Would you like
   to rest your password now? http://bitly.xyz/345Fw041



STAY SUSPICIOUS

Phishers can pose as admins from social networking sites in an effort to gain
access to passwords/other account info.


FIRST THINGS FIRST - BE VIGILANT ONLINE AND USE YOUR COMMON SENSE!

 * Always be suspicious of any unsolicited communication from businesses or
   individuals, regardless of the message medium.
 * Don't click on links or attachments in suspect emails, texts, or social media
   messages.
 * Directly contact the purported sender via their official website, phone
   number, or email address if you are not sure about the legitimacy of a
   message you have received.
 * Report suspected phishing scams to your IT and security teams.
 * File a complaint with the FBI Crime Complaint Center (IC3) to help shut down
   cyber criminals.

© Copyright 2022 ASK. All Rights Reserved.