#CyberFLASH: E-Mail Security

On November 24, 2014, a group of hackers who identified themselves as the Guardians of Peace breached the cyber security system of the film studio Sony Pictures Entertainment and released an estimated 38 million confidential documents. This breach resulted in the disclosure of highly sensitive information, such as employees’ salaries, job performance records, and identification information (including bank account and social security numbers). In addition to the breach of employee privacy, the incident evolved into an all-out international crisis, with threats being made regarding the safety of American citizens.

A lengthy investigation was undertaken to determine the source of the breach. It was determined that three days prior to the breach, several Sony executives received an e-mail from a group demanding monetary compensation and threatening repercussions if Sony Pictures did not comply. It is believed that the company was hacked because Sony did not accede to these threats. Although the cause of the breach has not been publicly confirmed, it has been theorized that the hackers were able to infiltrate Sony’s once seemingly impenetrable information security system through the use of several phishing e-mails.

A phishing e-mail is a specific type of spam that targets a person by simulating a legitimate message from a bank, government department or some other organization, in an attempt to get the individual to give up confidential information that could be used to gain access to their personal accounts. In Sony’s case, investigators found a pattern of repeated phishing e-mails in the form of fake Apple ID verification requests that asked the individual to sign into their account.

These types of messages are often very deceptive, and will usually include some form of good news to encourage the receiver of the e-mail to trust the sender and follow the instructions in the e-mail. Often, these e-mails also attempt to incite fear, such as by stating that an account has been hacked and requesting that the individual sign into their account to rectify the issue. The messages are often close imitations of common e-mails sent from the real organization. In many cases, the messages include logos, fonts, and colours similar to those of the legitimate organization. Almost always, the e-mail will include a website URL, which the individual is told to click on to take them to the organization’s website. The website will closely mimic the real organization’s website and require the individual to provide their confidential information by signing into the account. At this point, the individual has disclosed their login information and has become a sitting duck for the breach of their cyber security.
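The traits described above can be checked mechanically on the receiving side. The following is an added example, not part of the original article: it flags a sender whose address does not belong to the brand it claims, a link whose visible text shows one host while the href leads to another, and fear wording. The sample message, the `BRANDS` table, the word list and the indicator names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real e-mail; .example domains are placeholders.
SAMPLE = '''From: "Apple Support" <support@apple-id-verify.example>
Subject: Your Apple ID has been locked

<a href="http://appleid.apple.com.login-check.example/signin">https://appleid.apple.com</a>
'''
BRANDS = {"apple": "apple.com"}  # assumption: brand name -> domain it really uses
FEAR = re.compile(r"\b(hacked|locked|suspended|unusual activity)\b", re.I)
HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw):
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    name, addr = parseaddr(msg.get("From", ""))
    sender = "." + addr.rpartition("@")[2].lower()  # "." prefix: match whole labels only
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    collector = LinkCollector()
    collector.feed(body)
    found = []
    # Display name or subject claims a brand, but the address is not on its domain.
    if any(b in (name + subject).lower() and not sender.endswith("." + d) for b, d in BRANDS.items()):
        found.append("sender-domain-mismatch")
    for href, text in collector.links:  # visible text names one host, href another
        shown = HOSTLIKE.fullmatch(text)
        if shown and shown.group(1).lower() != (urlparse(href).hostname or ""):
            found.append("link-text-mismatch")
    if FEAR.search(subject + " " + body):  # "your account has been hacked" style wording
        found.append("fear-or-urgency-wording")
    return found
```

Calling `phishing_indicators(SAMPLE)` reports all three indicators for the constructed message, while a message sent from and linking to the brand's own domain reports none.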


About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.