The New York Times and Wall Street Journal are just the latest victims in a nasty scam cybercriminals are using to get inside a company’s network.
Hackers from out of China have managed to get inside the computer systems of the Wall Street Journal and New York Times. The hackers were able to get the passwords of 53 employees, gaining them access to the employees’ personal computers, through a tactic known as spearphising.
The spearphising tactic is started when the cybercriminal sends an email to either a single user or a department within a company. These emails typically appear to come from a trusted source within the company such as the human resources department and will contain a bogus link or attachment that once clicked on or opened will automatically install malicious software. The cybercriminal now has access to all of your sensitive data and is able to use that to get accessibility to all of the sensitive data within your company.
Protect yourself from falling victim to a spearfishing scam:
1. Don’t click on the link. Hover over the link in the email to see the web address the link is directing you to. If the web address is not matching up to what the link says don’t click on it. Instead of clicking on the link from the email type the URL address into the web browser.
2. Antivirus. Make sure that you have an up-to-date antivirus on your computer.
3. Use a password management tool. A tool like RoboForm automatically stores your login credentials and will automatically fill them in only at the correct web site and not a fraudulent one.
Read more on the attack at The New York Times and Wall Street Journal:
Read more about spearfishing: