The email that showed up on my desktop at work seemed to be what it said from the PayPal Team–“Security Measures” confirming my user account, and all I had to do to confirm my account information was click on the “Confirm Now” link.
But I don’t have a PayPal account, and if I had clicked on that link, Assistant Professor Arun Vishwanath, in the University at Buffalo’s Department of Communications said, all kinds of bad things could happen to me–or even the entire network my WIVB-TV computer is hooked into.
Prof. Vishwanath, who is nationally renowned for his cyber security expertise, and monitors hacker attacks around the world daily, called this kind of email spoof, “spear phishing”.
Clicking on the link in that email, Prof. Vishwanath said, would have opened my computer to a “RAT” infection, short for Remote Access Tool.
“That tool is going to be used to tunnel into your system, and then it will move in. They will be able to get access to all the other computers on your network. It could be a work network, they could go to your server, and they could start downloading information.”
As holiday shopping season approaches, retailers are predicting cyber shopping will set new records this year, but cyber crime might be following close behind, and spear phishing poses a serious threat to not only shoppers but to national security.
Prof. Vishwanath says a RAT can then steal a user’s identity, and infect other computers in the network, which he said was how hackers breached Sony Pictures network last year.
“It is the biggest threat to cyber security. It is the biggest threat to national security today, and to every computer and whatever we know of as the Internet.”
Vishwanath said spear phishing has also become a potent tool for terrorists, “We know that ISIS started using phishing attacks to pinpoint people’s locations–in Syria, like Syrian sympathizers. So it is being used by a whole group of people.”
Among cyber shoppers, Vishwanath said people doing business using a mobile device are more likely to fall victim to spear phishing, because tablets and smartphones are designed more for convenience than security.
So as you go hunting for those holiday bargains online, just be careful, and the National Cyber Security Alliance is offering tips for safe shopping this holiday season which is available online.