Cybersecurity Awareness: Whaling Attacks

“Phishing” uses fraudulent information in an attempt to obtain sensitive information and typically uses email or instant messaging. The intended recipient is deceived by the scammer through the use of trusted sender names (as the sender) and websites (in the message body). The user is directed to a fake website which asks for personal information as verification to proceed with a transaction. Once entered, the scammer has successfully collected the user’s identity.

“Spear-phishing” is a form of phishing that targets individuals. Spear phishing attacks target a specific victim and messages are modified to specifically address that victim.

“Whaling” attacks are a form of spear-phishing which target specific, high ranking victims within a company. Both spear-phishing and whaling take much more time and effort to execute than phishing attacks because of the need to gather personal details on their targets in an effort to legitimize the message.

An example of a whaling message may be something of the following. Assume that “John Doe” is a trusted high-ranking colleague with whom you, Jane Doe – jane.doe@okstate.edu – regularly communicate via their business address. For our example, John’s business address is normally john.doe@okstate.edu.

****
From: "John Doe" <john.doe123@yahoo.com>
To: "Jane Doe" <jane.doe@okstate.edu>
Subject: 

Are you available?

John Doe
Dean, Agricultural Systems
Oklahoma State University

****

Normally, this message might seem legitimate: we recognize and trust the sender, the signature line seems correct, there is no web link, and the sender simply asks for a response. The first thing – perhaps the only thing – that seems odd is that the return address is not the sender’s business email address. If we reply to this message, the scammer will know our email address is valid, and we can be sure to receive a follow-up message that will include a web link to a site that requests our credentials, or an attachment that is contaminated with malware.

If we suspect the message is a whaling attempt, forward it to the email address stored in our Contacts for this person rather than replying. In our example, we would forward the message to john.doe@okstate.edu. This allows us to bypass a potential scammer and communicate directly with the purported sender.
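The check described above – a familiar display name paired with a non-business return address – can be automated. The following is an added example, not part of the original post; it assumes a constructed contact directory and trusted-domain set (here built from the page’s John and Jane Doe identities) and reports which stored address the message should be forwarded to.

```python
import email
import re
from email.utils import parseaddr

# Constructed directory for this example: normalized display name -> the
# business address stored in Contacts. Not a real directory.
KNOWN_CONTACTS = {
    "john doe": "john.doe@okstate.edu",
    "jane doe": "jane.doe@okstate.edu",
}
TRUSTED_DOMAINS = {"okstate.edu"}  # assumption: domains we treat as internal


def normalize_name(name: str) -> str:
    """Lower-case, drop punctuation and collapse whitespace so
    '"John Doe"' and 'john  doe' compare equal."""
    return " ".join(re.sub(r"[^\w\s]", " ", name).lower().split())


def check_sender(from_header: str) -> dict:
    """Compare the From header's display name and address against Contacts."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    expected = KNOWN_CONTACTS.get(normalize_name(name))
    result = {"name": name, "address": addr, "forward_to": expected,
              "verdict": "ok", "reason": ""}
    if expected is None:
        # Not a known colleague; display-name impersonation does not apply.
        result["verdict"] = "unknown"
        result["reason"] = "display name not in contact directory"
    elif addr == expected:
        result["reason"] = "address matches Contacts entry"
    elif domain in TRUSTED_DOMAINS:
        # Same organization but a different mailbox: worth a second look.
        result["verdict"] = "review"
        result["reason"] = "known name on a trusted domain, but a different mailbox"
    else:
        # The whaling pattern from the text: trusted name, outside address.
        result["verdict"] = "suspect"
        result["reason"] = f"display name matches {expected} but address is on {domain}"
    return result


# Constructed sample reproducing the message shown above.
SAMPLE = ('From: "John Doe" <john.doe123@yahoo.com>\n'
          'To: "Jane Doe" <jane.doe@okstate.edu>\n'
          'Subject: \n\nAre you available?\n')


def triage_message(raw: str) -> dict:
    """Parse a raw RFC 822 message and check its From header."""
    return check_sender(email.message_from_string(raw).get("From", ""))
```

A "suspect" verdict carries the Contacts address in `forward_to`, which is where the text says to send the message instead of replying.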

Sources:

  • https://en.wikipedia.org/wiki/Phishing
  • https://digitalguardian.com/blog/what-is-spear-phishing-defining-and-differentiating-spear-phishing-and-phishing
  • https://digitalguardian.com/blog/what-whaling-attack-defining-and-identifying-whaling-attacks

Trumba – Changing the Time Zone Setting

OSU’s default setting for Trumba events is Pacific Time. Until OSU Communications (who manages OSU’s license) can resolve this default setting for all OSU employees, each user must change this setting. Once changed, it will become the default for all your events.

When completing the event submission form for Trumba, if your time zone setting is “Pacific Time (US & Canada)” update the time zone by following these steps:

(1) Browse to the Trumba events portal at https://eventactions.com/eventactions/okstate-extension-county#/mysubmissions

(2) In the top left corner click on the “O-Key” sign-in link:

[Screenshot: Trumba Sign In]

(3) After you have logged into the site with your OSU email address and password, click on the menu option in the top right corner then choose “Settings”:

[Screenshot: Trumba Settings]

(4) In the “Time Zone” field, choose “Central Time” from the drop down menu:

[Screenshot: Trumba Time Zone]

(5) Save your update!

[Screenshot: Trumba Save]

(6) Click on the menu option and log out. You are done!

Mobile Device Security When Traveling Abroad – Cyber Security Awareness Month 2017

Securing Your Data: Mobile Device Security When Traveling Abroad

If you need a laptop computer, borrow a loaner from your departmental IT support group. Ensure the laptop has the necessary software you plan to use on your trip. When you return, the IT Specialists should clean the computer (wipe the drive and reinstall software). Assume the laptop computer will become infected with malware while traveling; the cleaning process protects other devices from becoming infected once the laptop computer returns to the local network.

  • If your departmental IT support group has a loaner mobile device (for example, iPad, Android tablet), you may consider using it rather than your personal device.
  • Unless it is absolutely necessary, disable wireless technologies on your laptop computer and cell phone such as Bluetooth and Wi-Fi. Bluetooth headsets are strongly discouraged and should not be taken with you. When these technologies are needed, make sure all local shared folders are password protected. Wireless technologies can be used to gain entry to hosted devices such as laptop computers, mobile devices and cell phones. Once entry has been gained, access to intellectual property, proprietary information, files and passwords becomes available. In addition, keyloggers can be installed which collect all keystrokes and store them into a file that is later downloaded.
  • Never let your cellular phone and mobile devices out of sight. When not being used, turn off your cell phone and mobile devices. Minimize the data contained on the device. Some phones can be remotely controlled so that the microphone and camera are enabled which allows remote users to listen to, watch, and record conversations.
  • When connecting to the internet via wired or wireless, use OSU’s virtual private network (VPN) software to access the internet. A VPN provides for a secure and encrypted connection to the internet.
  • Be aware of all usernames and passwords you use while traveling. Once you return, change these passwords. Consider creating a temporary account on Gmail or Yahoo before you leave that can be used for email communication. Limit use of instant messaging and text messaging.
  • When using thumb/USB drives, use a PIN and encryption code to protect the data. If the drive is scanned or lost, the data is more secure when protected with an extra layer of encryption technology.
  • Unless calls from your cell phone are encrypted, the foreign government can monitor them even if you use a U.S. cellular company’s service. Be aware of communicating confidential or proprietary information. Some users may consider a pre-paid cellular phone that can be disposed of upon returning to the U.S.
  • Do not take unneeded car/house keys and credit cards. Clean out your billfold/purse of any financial information such as bank numbers and logins/passwords.
  • The U.S. Government’s “Smart Traveler Enrollment Program” can be helpful in planning your trip and ensuring a safe return: https://step.state.gov/step/.

Preventing Phishing – Cyber Security Awareness Month 2017

With the increase in fraudulent emails to Oklahoma State University employees over the past year, now is as good a time as any to develop best practices for keeping your devices malware free and your information secure. October is National Cyber Security Awareness Month and with the help of the Department of Homeland Security and the National Cyber Security Alliance, DASNR IT is here to shed some light on phishing attacks.

Phishing (pronounced “fishing”) is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication.[1]

A phishing email can look like it comes from a financial institution, your favorite online shopping website, or even Oklahoma State University itself. Many of these emails are asking you to act quickly because, for example, your account has been compromised and a recent online order cannot be fulfilled without payment. Stop and think before deciding to click any links or open any attachments that might have come with these emails.

According to Symantec [2] the vast majority of malicious emails will contain links that will take you to websites containing malware or the message will have attachments infected with malware. If you are unsure if an email request is legitimate, try contacting the company directly using information you already know or info that can be easily obtained online.

Phishing, spam, and other scams aren’t limited to just email. Social networking sites such as Facebook are also rife with malware. Online advertisements, Facebook status updates, and tweets can also contain malicious links, so “when in doubt, throw it out.” Most online sites, including social networking and media websites, have ways to report spam and phishing as well.

Oklahoma State University has a way to report fraudulent email. You can forward any email received at your okstate.edu account that you believe to be malicious to spam@okstate.edu, which is monitored by OSU IT Security. When they find malware in the email’s links or attachments, they can notify the email administrators and then initiate filters to, hopefully, prevent anyone else from receiving the email as well.

Below are some links with more information to help you remain vigilant against phishing attacks and, as always, contact your support specialist if you need any further information.

[1] https://en.wikipedia.org/wiki/Phishing

[2] https://www.symantec.com/security-center/threat-report