A professional hacker explains some of his secrets

The technological threats that have emerged over the years seem to follow a certain pattern: aspiring hackers find a way to violate a system in order to get access to valuable information and data. In response, system administrators and security professionals develop new methods to detect and prevent such intrusions. The attackers then find new ways to violate the same systems and avoid being detected, and those being attacked work on more advanced security measures that hold until someone else finds a new way to violate those too. It seems to be a vicious circle.

With cyberattacks becoming more and more frequent and aggressive, emphasis needs to be given to consistent evaluations, precautionary measures and information security management. So, to become more effective with fewer resources, IT teams look for new ways to reuse the infrastructure of central computers.

One of the most common ways to protect companies is to hire hackers to work for them. And the truth is, it sounds pretty effective to have the other side of the law working for you.

During a conference held on the threat of hackers, a professional hacker who works for a big Silicon Valley company told Business Insider that the easiest way to penetrate a client's system is to deceive him into clicking on an infected link in a seemingly innocent unread email.

That way the attacker is able to acquire all the personal information from his client, such as username, password and other crucial information that will grant him access to the whole system.

This tactic is known as “phishing”, and it can be pulled off even by amateurs. So, if it is used by a professional, the phishing technique can become a very dangerous tool.

In contrast with the criminals that send emails with messages such as “Congratulations, you won $”, the more advanced hackers dedicate much time to learning as much as they can about their target in order to create an email, or an entire persona, that looks authentic so that the potential victim does not suspect a thing.

Here is how the whole process is done:

The same Silicon Valley hacker describes a scenario where he might be looking for vulnerabilities in the security system of a big airline company.

First, he will search LinkedIn to find the appropriate victim, preferably a person who does not know a lot about technology, like an employee whose post has nothing to do with tech or a new recruit who wouldn’t know enough to recognize a suspicious email.

Then, the attacker will try to guess the victim’s email by trying a formal professional email address such as “name of the victim@name of the” and then he will start sending emails until he gets the right one.

Once the correct email address has been revealed, the hacker starts spying on the social media of the potential victim to learn as much information as possible, like friends, interests etc. That way he will be able to personalize the fake email that he’ll send and make it look more real, by using pictures of friends of the victim for instance.
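Seen from the defender's side, the address-guessing step described above leaves a trace in the mail server's logs: a run of "user unknown" rejections from one client, followed by a delivery that went through. The Python sketch below is an added example, not something from the hacker's talk; it assumes Postfix-style log lines, and the names, addresses, IPs, the function name `find_address_guessing` and the threshold of three rejections are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix log style; every address and IP is made up.
SAMPLE_LOG = """\
Jun 20 10:01:02 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <jane.doe@example.com>: Recipient address rejected: User unknown
Jun 20 10:01:40 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <janedoe@example.com>: Recipient address rejected: User unknown
Jun 20 10:02:15 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <j.doe@example.com>: Recipient address rejected: User unknown
Jun 20 10:02:51 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <doe.jane@example.com>: Recipient address rejected: User unknown
Jun 20 10:03:10 mx postfix/smtpd[101]: 4F2A1B: client=unknown[203.0.113.7]
Jun 20 10:03:11 mx postfix/local[140]: 4F2A1B: to=<jdoe@example.com>, relay=local, status=sent (delivered to mailbox)
Jun 20 11:15:00 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from mail.partner.test[198.51.100.9]: 550 5.1.1 <bob.smth@example.com>: Recipient address rejected: User unknown
Jun 20 11:16:30 mx postfix/smtpd[102]: 7C9D0E: client=mail.partner.test[198.51.100.9]
Jun 20 11:16:31 mx postfix/local[141]: 7C9D0E: to=<bob.smith@example.com>, relay=local, status=sent (delivered to mailbox)
"""

REJECT = re.compile(r"reject: RCPT from \S*\[([^\]]+)\]: 550 5\.1\.1 <([^>]+)>")
CLIENT = re.compile(r": ([0-9A-F]+): client=\S*\[([^\]]+)\]")
SENT = re.compile(r": ([0-9A-F]+): to=<([^>]+)>.*status=sent")

def find_address_guessing(log_text, min_rejects=3):
    """Return {client_ip: {"misses": [...], "hits": [...]}} for suspected probing."""
    rejected = defaultdict(set)   # client IP -> unknown recipients it tried
    accepted = defaultdict(set)   # client IP -> recipients it reached
    queue_ip = {}                 # queue ID -> client IP, to attribute deliveries
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            rejected[m.group(1)].add(m.group(2).lower())
        elif m := CLIENT.search(line):
            queue_ip[m.group(1)] = m.group(2)
        elif m := SENT.search(line):
            ip = queue_ip.get(m.group(1))
            if ip:
                accepted[ip].add(m.group(2).lower())
    findings = {}
    for ip, misses in rejected.items():
        if len(misses) < min_rejects:
            continue  # a single typo is normal; a run of misses is not
        domains = {addr.rsplit("@", 1)[-1] for addr in misses}
        hits = sorted(a for a in accepted[ip] if a.rsplit("@", 1)[-1] in domains)
        findings[ip] = {"misses": sorted(misses), "hits": hits}
    return findings

if __name__ == "__main__":
    for ip, info in find_address_guessing(SAMPLE_LOG).items():
        print(ip, "missed", len(info["misses"]), "then reached", info["hits"])
```

The addresses listed under "hits" are the mailboxes whose owners should be warned to expect a tailored phishing email.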

Now, if you’d like to know how effective all that is when put to the test, the Silicon Valley hacker stated that last week he managed to deliver the passwords of an entire business through a successful phishing attempt. He also added that this technique is absolutely illegal when it’s done without the permission of a company.

Published : Jun 23 2016