Cyber-criminals see that a future company or institution is involved in a particular industry, such as the military or medical care. Over a period of time, a cyber-criminal establishes an electronic relationship with the company. He may target a specific person within the company and begin sending emails to him.

These emails contain enough accurate information about the company or individual, encouraging him to respond back.

To obtain all of this personal information, the cyber-criminal logs into blogs or social networking profiles connected to the victim. The cyber-criminal finds the information he needs to establish some kind of “official” connection so that, when he finally does contact the victim, the emails appear to be real. When the victim sees enough accurate information about himself, he is fooled into responding, just like the cyber-criminal wishes.

In other attacks, the cyber-criminal convinces his victim that his software is out of date. When the victim clicks on an enclosed link, he believes he’s updating his software when, in fact, malware is stealing his private information

Created by the marketing team at GreyHeller.