Don't click on any links in suspicious emails: It's a message that information technology professionals have stressed for years. But the seriousness of the threat has only grown since criminals used a technique known as phishing to infiltrate emails at a number of high-profile targets.
Phishing attacks in recent months have hit the highest levels of Sony Pictures, Target and the U.S. State Department. Even President Barack Obama's emails are at risk. But here's what you need to know about this simple hacking technique:
What Is Phishing?
Simply put, phishing is any illegal attempt to steal information via email. Attackers send out a wave of messages to encouraging users to claim their inheritance from a long-lost relative or watch the latest viral cat video. Users are tricked into clicking on links that are made to look like legitimate websites where it's safe to enter their credit card number and other information used in identity theft.
Even more dangerous is spearphishing, which occurs when hackers direct their message to their target's field of expertise. They might scan a company's board of directors, for instance, and forge one user's email address and even their email signature. Sometimes they enhance their sophistication through social engineering, or by looking at a high-value target's social media presence and gaining trust that way.
While more sophisticated attacks are also used, Wired magazine reported that 91 percent of all hacks begin with phishing or spearphishing.
All Are Vulnerable
Not even the highest levels of government are immune. Russian hackers who infiltrated the State Department through a phishing attack gained access to some of Obama's email correspondence, the New York Times reported.
Depending on the level of sophistication, stolen user name and password credentials can provide hackers with either an opportunity for identity theft or a backdoor into a guarded computer system. One case highlighted by Wired's Kim Zetter involved a phishing email sent to 530 workers at Oak Ridge National Laboratory, a high-security facility in Tennessee where secret energy and national security research is conducted. Fifty-seven users clicked the link, and two machines were infected, which made it possible to steal megabytes of information.