Beware the Harpoon


You have likely heard about “phishing” and the need to protect your account credentials from this email threat. But that's not the end of nautically-themed threats of which there are "spear phishing” and “whaling.” 

Spear phishing is a targeted phishing attack that may be harder to spot right away. One example of a spear phish is an email that looks a lot like one you would normally receive, such as an HR announcement about tax forms or benefit enrollment. 

Whaling steers this kind of attack to the leviathans by targeting highly placed individuals in an organization. One example might be a request for approval for a funds transfer, or it might take the form of an urgent request to view a subpoena or other legal document, requiring the download of a browser add-on to access the document. The “browser add-on” might really be a key logger that can then record everything the executive does on their computer.

If all this wasn’t enough, there is one more new threat to worry about… “vishing.” Vishing is like other forms of phishing with the added complication of directing the victim to a telephone number where they will be prompted to give up personal information, adding in some social engineering for scamming that has existed as long as the telephone has been around.

Remember—never divulge passwords, social security number, or financial account details to email or voice mail requests. Contact the appropriate department or company via a known, valid phone number, email, or website to verify any requests. If you have questions about any messages you receive to your NAU email or voicemail accounts, call the Solution Center at 523-1511. You may also report NAU-related spear phishing attempts.

Remember: the only good phishing is the kind you do at the lake on your day off!

Spring 2016
2/9/2016 10:24:18 AM