Skip to the main content.
Under Attack? Login
Under Attack? Login
Managed Extended Detection & Response
Layered cybersecurity controls for effective risk management and rapid response.

24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management

Book MXDR Demo

Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Resources

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Company

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

The Phishing Adventures of Huck Phinn, Plenty of Phish in the Sea

Picture of Cyrus Robinson Cyrus Robinson Feb 24, 2021 2:44:50 PM

phishing
Chapter 1

Chances are you know about the dangers of clicking on fake emails so you carefully scroll through your inbox to delete them. You are especially vigilant before opening any email on business accounts, but no matter how many suspicious emails you spot, they keep coming.

Our “How to Spot a Phish” checklist can help you identify phishing emails and provides advice on what to do with them.
Download our “How to Spot a Phish” checklist which will help you identify phishing emails and provides advice on what to do with them.

The damage caused by email security breaches is staggering. The FBI says that Business Email Compromise resulted in more than $1.7 billion USD in losses for businesses in 2019; one primary method that attackers use to break in and harvest credentials is phishing. A Verizon 2020 Data Breach Investigation report found 32% of all breaches involve phishing.

Phishing emails generally fall into a few different categories:

  • Phishing: Those email attacks that rely on mass emails sent to as many recipients as possible in hopes that any potential victims will be compromised, and if this fails, it’s relatively simple to re-use the recipient list for future attacks.
  • Spear-phishing: More carefully crafted attacks that target specific organizations or individuals regardless of the target’s role in the organization.
  • Whaling: A type of spear-phishing campaign that targets specific high-value individuals (CEOs, CFOs, etc.) in an organization. These may be especially complex and deceptive.


Despite all efforts to stop these attacks, there are still plenty of phish in the sea, and this tactic requires minimal effort for a potentially large pay-off. What motivates Phishing attackers? Here are a few of the more common ways bad actors can use harvested credentials:

  • To sell to other attackers on Dark Web forums
  • To support corporate espionage or Intellectual Property theft efforts
  • To support theft of funds or wire fraud efforts
  • To gather credit card, banking, or other sensitive information
  • To steal an individual’s identity
  • To make unauthorized purchases
  • To gain remote access or to deploy more damaging malware such as ransomware, trojans, or information stealers


In the next chapters of this blog series, we will share real phishing email examples dissected by Ingalls Information Security on behalf of clients.  We’ve changed their names but kept all the details real

Even if you think you’re skilled at spotting a phish when you see one, we hope you can pick up a few more tips and even share this knowledge with others. 

In the meantime, take another look at your inbox. If you see something suspicious, use our “How to Spot a Phish” checklist to help you decide if it’s a phishing email and what to do with it. 

...to be continued.


About Ingalls

Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have. 

 

About the Author
Cyrus Robinson, CISSP, MCSE, MCITP, CEH, CHFI, Sec+
Mr. Robinson is a skilled Information Security professional with experience working with diversified technologies and environments. Mr. Robinson’s professional IT career began as an electronic forensics engineer as an active duty Airman with primary responsibilities with testing and evaluating digital forensic software, policies, and procedures. In this capacity, he worked alongside federal investigators and various DoD, CIA, FBI, NSA, and NIST employees. Following his active duty role with the USAF, Mr. Robinson went on to work in change management and system administration as a DoD Contractor. Mr. Robinson also has extensive experience in the roles of Information Security Officer and IT Director for a large medical group which contribute to his knowledge with security risk assessments, HIPAA compliance, and drafting and implementing corporate IT security and business continuity policies. Mr. Robinson holds various industry standard certifications and a Masters of Science in Information Security and Assurance.
Subscribe to Network Security News