Image: Mohamed Ahzam, Unsplash.com
Many are now aware of the term phishing, the attempt to obtain sensitive information by luring people into clicking links in an email from what they think is a trusted sender. A new subset of this, spear phishing, is the attempt to lure people into doing the same using emails sent from legitimate and trusted sources which have been compromised.
Software engineer Robert Heaton tells an eye-opening story in his post about how an email he received from a genuine University of Cambridge email address, with a genuine Cambridge URL, was in fact a spear phishing attempt. It would have succeeded against him but for the fact that the malware used a zero-day exploit in Firefox to gain access to the user's machine, and luckily for him he opened the link in Chrome. He went a few steps further and conversed over email with the sender, who maintained character throughout and dismissed the email as a case of mistaken identity.