CNET’s Dan Patterson interviewed Kevin Mitnick, a former most wanted computer criminal, and now the founder of Mitnick Security Consulting and Chief Hacking Officer of the security awareness training firm KnowBe4. He discussed phishing, spam, and the similarities, differences and risks of each. The following is an edited transcript of the interview.
Campaign 2018: Election Hacking is a weekly series from TechRepublic sibling sites, CBS News & CNET, about the cyber-threats and vulnerabilities of the 2018 midterm election.
Dan Patterson: Kevin, can you explain how phishing works, and walk us through a successful attack?
Kevin Mitnick: Sure. Phishing is all about the bad guy, the attacker, sending a malicious e-mail to a victim and fooling that person either to click on a link within the e-mail or open up an attachment. And when the victim does that, their computer ends up being compromised, and malware is installed so the bad guy has full control. And phishing attacks are pretty sophisticated these days, so it really looks like it’s the e-mail originating from a customer, a supplier, or a vendor, and people fall for it.
There’s another type of phishing attack where a victim might receive an e-mail. They will click on a link in an e-mail, and then it’s going to present them a page to login. And it’ll look like, you know, something that they ordinarily login to like Gmail, Twitter, or Facebook. And they’ll put in their credentials to login, but what happens, they do get logged in, but then the bad guy is also able to get access to those credentials. What do I mean by credentials? That is like your username and password. So they’re able to steal your username and password through these types of phishing attacks.
Dan Patterson: Kevin, phishing sounds a lot like spam, but I wonder if you could tell us the differences between the two, and what do phishing attackers want?
Kevin Mitnick: Well, spam and phishing are different. Spam is advertisements that are just sent to your e-mail, that are unwanted, right? And we have been dealing with the spam issue for years. Phishing, on the other hand, is where an attacker wants to get access to your accounts, they want to compromise your computer, and their goal is a lot different. Spam is all about trying to get you to buy a product or a service. Phishing is all about the bad guy getting access to your computer to install malware that allows them, for example, to gain access to your bank account or something like that.