I’m A Hacker, Here’s How I Break Into Your Company’s Network | How Phishing Attacks Work

Luke Stephens (@hakluke)
Oct 19, 2018

Have you ever received an email from a Nigerian prince or a non-existent distant relative who is offering you an absurd amount of money? It was a phishing scam, albeit an extremely unsophisticated one. These unsophisticated phishing emails are generally sent to a huge number of people, in the hundreds of thousands or even millions. Sending this many emails does not take much effort given the right resources. If just 0.01% of people fall for this phishing scam, at $1000 per victim, with 1 million emails, you have just made yourself a tidy $100,000. Not bad for a weekend’s work!

Phishing attacks are not just for Nigerian scammers; they are the most common way that malicious hackers gain access to corporate networks. The more sophisticated phishing attacks are highly targeted and believable. A motivated hacker might spend months enumerating their target before they strike. Let’s give a simple example of how this might work.

Let’s say that I decide that I am a super evil hacker who would really like to have full control of ABC Bank’s network. Fred Jones is the receptionist for ABC Bank. Like most people, he has a LinkedIn and Facebook account. I know Fred works there as a receptionist, because I can see it on his LinkedIn profile. I also know that he has applied for annual…
