Dan Pienta, assistant professor of information systems and business analytics says that cyber criminals don't need a lot of know-how to carry out a phishing scam. They just need to be creative.
“Open source, intelligent gathering, which is public sources of information that companies put online are used by phishers to craft pretty sophisticated tasks. When they target a mass audience, they can harvest credentials from different databases. There's information on the dark web, where the databases are traded.”
In order to reach the real target within a company. Pienta says that cyber criminals may get the information they need from an employee's social media posts.
“Especially if they're targeting one individual, they'll look for the chatter box in the family, or in the organization. We call it the chatter box, or the person who hosts things on Facebook, social media sites, LinkedIn about what's happening at the organization, or what's happening in the individual's closed circle of friends, and gives phishers those details that really make those emails seem real, and seem that they're coming from the person. It could be an employee with, what we would call, lower level access rights, meaning they don't have access to sensitive information at the organization. But if they gain control of that employee's account, they can start sending emails from that employee's account to gather more information about the organization. And once it elevates into getting into something like payroll, corporate intellectual property, that's when it can get really damaging and harmful to organizations.”
Business Review is a production of Livingston & McKay and the Hankamer School of Business at Baylor University.