- September 13, 2017
Could you click on a link and cause a power outage?
Not directly.
But a cybersecurity company says clicking on links in trick e-mails has indeed allowed malicious hackers to break into power companies in the U.S.
And now Symantec says these cyber crooks have the know-how to shut off power to some parts of the country.
Cybersecurity pros say they probably won’t follow through.
But we’re going to show you how this kind of “phishing” can work so you don’t become a victim.
See how a click can lead to trouble in this Archer News Network report.
Say you have a house with bars on your windows.
Double locks. A security alarm. Cameras scanning the yard. Even a monitoring service to make sure no one breaks in.
“That’s all well and good,” explained James McQuiggan, product and solution security officer for Siemens Gamesa Renewable Energy. “But the minute that somebody rings the door bell and your teenager goes over and opens up that door, the bad guys can now get in.”
That’s like phishing, he told Archer News in an interview.
You can have all the security in the world. But if you click on that link, you let them right in the front door.
“Once they get inside your home, they now have the ability to take what they want,” McQuiggan added. “They can go for your jewelry. They can go for the TV, the computers, the laptops, the iPads, all the electronics, anything they can turn around and sell.”
In your house, you’d probably notice things missing. But in your computer, you might not know that your bank account numbers and passwords had been stolen.
“You’ve opened up that front door. They created their own key. They can come into your house whenever they want. You could even be there but you wouldn’t see them,” he said.
An example of a phishing e-mail used in an attack against energy sector companies, according to Talos. This one posed as a resume. Image credit: Talos
In your work computer, it could be even more serious.
They could send your company into bankruptcy, or find a way from the office computers to the industrial computers that run factories, power plants and water systems.
They could hold those plants hostage. Or try to destroy them.
“Remember as a kid seeing all the videos, you know, if a stranger comes up to you and offers you a puppy or lollypop or wants you to help find their dog, you just say ‘no,’” said McQuiggan.
It may be time to do the same with the messages that come into your digital home.
In other words, stranger danger with e-mail.
A phishing e-mail used to attack energy sector companies, as reported by Talos. Image credit: Talos
Symantec says one of the e-mails the crooks used in the case of the power companies was a fake invite for a New Year’s Eve party.
Check before you click on links in e-mails — even if it looks like a note from your boss.
Here are some ideas to keep you from clicking the wrong thing:
—Be suspicious.
—Check out the sender’s address, and hover over the link without clicking on it, to see if either one is designed to mimic a real address or looks suspicious.
—Verify the e-mail, if possible. Call or send your own e-mail to the person who supposedly sent it. Do not simply hit “reply.”
—Don’t click on e-mail links on your phone. One study says that people fall for phishing more when they are on their phones, before and after work, and when they’re busy.
—Use two-factor authentication to make your accounts harder to get into.
—Don’t reuse passwords for many accounts. That way, if you fall for a phishing e-mail and a crook gets your password, the crook will only be able to get into one account.
—Back up your files and keep your security up-to-date.
You can see more information on phishing from the Anti-Phishing Working Group, the FDIC and the FTC.