Hacking Explained: Phishing and Malicious Links

0d832c77559a2070a766f899e7efb7831-500x333Hackers are the cowboys of today’s online world. They are hired by large corporations and consulting firms to figure out how to break into people’s and companies’ websites and then build protective walls for those same victims. When figuring out how to find a hole in a secure system, hackers usually begin with the most obvious, low-hanging fruit.

The newspaper headlines in 2015 have been full of reports of high-profile hackings by foreign agents to the systems of such major companies as Sony, Wal-Mart and even the US government itself. Hackers admit that the easiest way to infiltrate a corporation’s secure system, as was done in these cases, is to somehow convince an employee to click on an infected link in a seemingly benign e-mail.

This technique, called “phishing,” allows a hacker to then obtain the duped user’s usernames, passwords, and other private information that will give them further, deeper access to a company’s secured systems. Sophisticated hackers will spend significant amounts of time planning how to best design a convincing phishing scheme, including trustworthy-looking e-mail messages.

One hacker described his own method: he would scour the professional profile website, LinkedIn, for a particular company’s “weakest links” – its least computer-savvy employees, who would be unlikely to differentiate between a fake or real e-mail message. He would then try and guess the employee’s e-mail address from a set of common formulas, testing potential addresses until he hit the right one. He would then customize a virus-laden email that would be pertinent to the recipient (based on any info he could glean from social media about his or her hobbies).

After attaining the victim’s email address, the hacker looks to social media to learn as much as possible about his target’s professional background, friends, and general interests.

You have been warned by the experts – do not click on any links in e-mails which you are not certain are legitimate.