What’s the easiest way to get into a locked building? \u00a0Use the key. \u00a0What’s the easiest way to get the key? \u00a0Get it from the person who has it.<\/p>\n
Your network is a building, metaphorically speaking. \u00a0Each device (computer, printer, network attached storage, etc.) is a room in the building and each device is protected by a user name and password, or at least should be. The user name and password are the credentials of the device, and are the “keys” to the room. \u00a0Usually, in order to make our life simple, once we insert our key (user name\/password) into the building (network), we’re granted access to the rooms (devices) our gatekeeper\/keymaster (network administrator) has decided we can go into.<\/p>\n
Because we’ve become more security conscious over the past few years (we don’t use the password “password” or “123456” anymore…do we?!<\/a>), the bad guys (hackers) have become more sophisticated. \u00a0They use various methods to get the keys. \u00a0Some use social engineering. \u00a0Others use brute force attacks. \u00a0And still others prey on the lack of computer\u00a0knowledge of network users.<\/p>\n The last group uses “phishing” expeditions in order to get the keys. \u00a0This is a play on words on\u00a0“fishing expedition”. \u00a0On a fishing expedition, we go out and see how many fish we can catch. \u00a0We target our area, throw out the line, which has bait on it, and see what happens.<\/p>\n A phishing expedition is no different. \u00a0The bad guys send out hundreds of thousands of e-mails that have malicious content, and see how many take the bait. \u00a0Once the targets take the bait, it’s pretty much over with. \u00a0Some of the malicious payload may be a virus or Trojan that captures your “keys”. \u00a0Others may be ransomware that encrypt your hard drive and demand money in order for you to get access to your files again. \u00a0Regardless of the payload, it’s all bad, which is why we call it “malware”, “mal” being the Latin word for “bad”.<\/p>\n Phishing expeditions are not limited to just gaining access to work networks. \u00a0They can also be used to gain access to bank accounts, credit card accounts, or any other password protected site.<\/p>\n