Phishing School: A Crash Course on Phishing Attacks
An email that looks like it’s from your bank arrives in your inbox with a link for verification. You click it, log in to your bank account and you get a screen confirming the email has been verified. Without knowing it, you may have just been phished.
Dr. Yan Solihin of the Cyber Security Cluster at the University of Central Florida sat down with Matthew Peddie to talk about modern cyber security issues and how people can fall victim to such attacks.
Dr. Solihin explains that people trying to get information through phishing pretend to be someone the receiver trusts. Like with actual fishing, a phisher sends out a malicious bait to a group of potential victims and waits for someone to fall for it.
“It has been low tech, but it exploits a psychological weakness of people. Y’know sometime we are just busy, we don’t pay attention too much, to any single email,” Dr. Solihin said.
“It’s low tech but it has been increasingly becoming high tech. There is something called spear-phishing where an attacker utilizes very personal information that they mine from social media or other means. They can pretend to be your uncle. They can sound like your uncle. And so on.”
The future of technology and phishing or misinformation is “extremely concerning” with things like deep fakes and artificial intelligence. Deep fakes refers to videos made by using artificial intelligence to create fake videos of people doing or saying things that they haven’t done.
Dr. Solihin notes that the advent of cryptocurrency has allowed people to spread ransomware without having to reveal their identity. Ransomware works by generating “a random key and then uses that random key to encrypt your files. So your files don’t disappear, they’re not deleted, they’re there. But they have been encrypted such that you cannot see the contents anymore.”
After that, the attacker will demand ransom in exchange for the key to unlock the encrypted files. Ransomware attackers will target anyone from as big as a local government to health insurance to a regular person. Just this year two Florida cities were hit with a ransomware attack.
But that’s not all.
“The scariest thing to me is the Internet of Things. If we put our data in a cloud, it’s relatively okay. Relatively safe. There are some attacks that can be done in a cloud, but. At the Internet of Things level, essentially we are augmented our life, we have smart light bulbs, smart toaster, smart refrigerator, smart watch and so on. This is all being developed in a rush, there is no incentive for manufacturers to follow the best practices in security. They want it to go out to the market as soon as possible. And the product is expected to be cheap.” Dr. Solihin said.
“There are not many eyeballs looking at the code making sure there are no vulnerabilities. So I think this is just an accident waiting to happen.”
Sign Up For 90.7 WMFE's Newsletter
Catch up on the latest Central Florida news and get updates on programs, events and more.SUBSCRIBE