Two days ago the Justice Department indicted nine Iranians on charges related to the hacking of approximately 8,000 professors around the world, including 144 American universities, as well as private companies and governmental agencies. The indicted Iranians were able to gain access to critical intellectual property and research, which they both used and sold. The two common tactics the accused hackers used to gain access to their victims' data were spear phishing and password spraying, which pose threats not only to people at targeted companies and universities, but also to all of us as individuals.
Most people are aware of the hacking tactic referred to as “phishing,” by which you receive an email purportedly from a legitimate company or government agency that has all of the appearances of being a true and legitimate communication, but in fact is from an identity thief. Under the pretext of a problem with your account or some other such emergency, the identity thief lures you into clicking on a link contained in the email, which, unbeknownst to you, downloads harmful malware onto your computer, such as keystroke logging programs, that will steal all of the information from your computer and lead to your becoming a victim of identity theft. Most often these phishing emails are not directed at you by name, but rather to you as “customer” or “consumer.” They also may appear to come from companies with which you do not do business, such as a bank where you have no accounts. Spear phishing also uses malware-infected emails or emails that lure you into providing personal information such as user names and passwords. However, spear phishing emails are specifically tailored to you, with your name and other information about you and your interests that lures you into trusting the email and either clicking on an infected link or providing the requested information. Spear phishing has been used effectively by many hackers, including the Iranian hackers.
Password spraying relates to attacks on companies, governmental agencies, universities and others with many employees. These attacks target all of the employees of the particular organization to see who is using common and extremely insecure passwords.
TIPS
Protecting yourself by using security software to help recognize spear phishing emails is important, but far from foolproof. The place to find a helping hand in regard to spear phishing is at the end of your own arm, or fingertips. Never click on links in emails, regardless of how legitimate they may appear, unless you are absolutely sure they are legitimate and have verified them to be so. Merely because an email uses your name, appears to come from a company with which you do business or some other trusted source, and even may contain your account number does not mean that the email is legitimate.
It is also important to have a secure and unique password for all of your accounts. Avoid common passwords, such as “password.” Creating strong and unique passwords is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords, to which you add some symbols to read IDon’tLikePasswords!!!, which has capital letters, small letters and symbols, and then adapt it for each account you have so that you will have a secure and easy-to-remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswordsAMA.