02.2023 Life Guide
"Harpoon fishing attack" seen from Korean dramas
Far Eastern New Century Corporation / Jane Junru
 In 2022, the Korean drama "Yu Yingwu, an extraordinary lawyer" was deeply loved by the audience. In addition to the high beauty and exquisite acting skills of the male and female protagonists, as well as the life-like and gripping stories, which resonated with the audience, it also connected many important issues and was very thought-provoking. Especially at the end of the event, Yu Yingwu, the protagonist, undertook a major incident of asset security - harpoon fishing attack, which shows that the importance of asset security issues is increasing day by day and has become a popular theme of Korean dramas.
In the play "Yu Yingwu, an extraordinary lawyer", Rowan e-commerce company is one of the largest e-commerce companies in South Korea, with unlimited prospects. However, hackers used harpoon phishing to steal nearly 40.95 million user information and credit information (nearly 80% of the total population of South Korea). The hacker invaded the e-mail exchanged between the person in charge of the company's database and his brother, clearly grasped the content of their usual conversation, and even sent e-mail in imitation of his brother's tone. Since the mail itself is specially made malicious code to attack specific objects, the anti-virus software cannot detect it. Rowan Company was fined KRW300 billion (about NTD7 billion) by the Broadcasting and Communication Commission for failing to properly protect the user's personal capital. In addition, if more than 40 million users filed a class action claim, the e-commerce giant is likely to be on the verge of bankruptcy overnight.
 Harpoon phishing refers to sending an unidentifiable file in the name of the company or organization to a specific target in the form of e-mail to induce the mail user to further log in his account password, and the attacker can use this to install a Trojan horse or other spyware to steal secrets; Some hackers will also put virus automatic downloaders in the web pages that employees often browse, and continue to update the variant viruses in the infected system, leaving users struggling to cope.
In this play, the database administrator of Rowan E-commerce Company clicks on the personal resume sent by the hacker who fakes his brother, and then spreads the malicious code hidden in the WORD file of the hacker to the computer, which leads to the harpoon attack. As the person in charge of the company's database, although he has been familiar with various phishing methods, he still lost his vigilance and fell into the malicious phishing e-mail trap, let alone the general users who are not familiar with the network.
In the face of the ever-changing phishing scams, how can ordinary users prevent it? It is suggested to memorize the pithy formula of "one change, two checks and three anti-virus".
・ Change: Generally, the target of hacker fraud is the user's account password, so a secure and rigorous password is the first line of defense. Changing the password regularly and avoiding the use of simple passwords that are easy to guess can reduce the probability of being cracked by hackers.
・ 2 Verification: recent phishing scams are packaged into daily events that occur in the user's life through various links or text messages (such as links to anti-epidemic policy applications, links to supermarket packages, etc.). Therefore, do not click on any links easily. First confirm the source of the website and conduct relevant verification to avoid falling into the fraud trap.
・ Three antivirus: professional tools (such as antivirus software) can be used to identify and block viruses and strengthen network security.
Modern people's food, clothing, housing, transportation, education and entertainment are inseparable from the network and information equipment, but the methods of phishing fraud are diverse and ever-changing. Not only does South Korea publicize the importance of asset security through Korean dramas, but the United States federal government has also held asset security propaganda activities in October every year since 2004, and set it as "National Cybersecurity Awareness Month (NCSAM)", hoping to enhance the importance of enterprises and the public to asset security, The theme of information security in 2022 is "See Yourself in Cyber". The organizer explained that network security seems complicated, but it is closely related to people. Users should pay more attention to information security issues to avoid falling into fraud traps, which will threaten their own rights and privacy security. All major countries in the world are leading the improvement of capital security awareness. Are you keeping up?
----------------------------------
* Note
Existing types of phishing:
Phishing -- usually through email.
Harpoon phishing -- precisely lock the e-mail of specific objects.
Whaling - specifically targeting phishing emails from senior executives.
Internal phishing - phishing attacks originating within an enterprise.
Phishing - Phishing through telephone.
Phishing newsletter -- phishing via mobile phone newsletter.
Social media phishing - phishing using Facebook or other social media posts.
Web address grafting attack (Pharming) -- an attack that invades the DNS cache.
For more types of phishing, please refer to: http://bit.ly/3Jq2YLG
Image source: Freepik
In the play "Yu Yingwu, an extraordinary lawyer", Rowan e-commerce company is one of the largest e-commerce companies in South Korea, with unlimited prospects. However, hackers used harpoon phishing to steal nearly 40.95 million user information and credit information (nearly 80% of the total population of South Korea). The hacker invaded the e-mail exchanged between the person in charge of the company's database and his brother, clearly grasped the content of their usual conversation, and even sent e-mail in imitation of his brother's tone. Since the mail itself is specially made malicious code to attack specific objects, the anti-virus software cannot detect it. Rowan Company was fined KRW300 billion (about NTD7 billion) by the Broadcasting and Communication Commission for failing to properly protect the user's personal capital. In addition, if more than 40 million users filed a class action claim, the e-commerce giant is likely to be on the verge of bankruptcy overnight.
 Harpoon phishing refers to sending an unidentifiable file in the name of the company or organization to a specific target in the form of e-mail to induce the mail user to further log in his account password, and the attacker can use this to install a Trojan horse or other spyware to steal secrets; Some hackers will also put virus automatic downloaders in the web pages that employees often browse, and continue to update the variant viruses in the infected system, leaving users struggling to cope.
In this play, the database administrator of Rowan E-commerce Company clicks on the personal resume sent by the hacker who fakes his brother, and then spreads the malicious code hidden in the WORD file of the hacker to the computer, which leads to the harpoon attack. As the person in charge of the company's database, although he has been familiar with various phishing methods, he still lost his vigilance and fell into the malicious phishing e-mail trap, let alone the general users who are not familiar with the network.
In the face of the ever-changing phishing scams, how can ordinary users prevent it? It is suggested to memorize the pithy formula of "one change, two checks and three anti-virus".
・ Change: Generally, the target of hacker fraud is the user's account password, so a secure and rigorous password is the first line of defense. Changing the password regularly and avoiding the use of simple passwords that are easy to guess can reduce the probability of being cracked by hackers.
・ 2 Verification: recent phishing scams are packaged into daily events that occur in the user's life through various links or text messages (such as links to anti-epidemic policy applications, links to supermarket packages, etc.). Therefore, do not click on any links easily. First confirm the source of the website and conduct relevant verification to avoid falling into the fraud trap.
・ Three antivirus: professional tools (such as antivirus software) can be used to identify and block viruses and strengthen network security.
Modern people's food, clothing, housing, transportation, education and entertainment are inseparable from the network and information equipment, but the methods of phishing fraud are diverse and ever-changing. Not only does South Korea publicize the importance of asset security through Korean dramas, but the United States federal government has also held asset security propaganda activities in October every year since 2004, and set it as "National Cybersecurity Awareness Month (NCSAM)", hoping to enhance the importance of enterprises and the public to asset security, The theme of information security in 2022 is "See Yourself in Cyber". The organizer explained that network security seems complicated, but it is closely related to people. Users should pay more attention to information security issues to avoid falling into fraud traps, which will threaten their own rights and privacy security. All major countries in the world are leading the improvement of capital security awareness. Are you keeping up?
----------------------------------
* Note
Existing types of phishing:
Phishing -- usually through email.
Harpoon phishing -- precisely lock the e-mail of specific objects.
Whaling - specifically targeting phishing emails from senior executives.
Internal phishing - phishing attacks originating within an enterprise.
Phishing - Phishing through telephone.
Phishing newsletter -- phishing via mobile phone newsletter.
Social media phishing - phishing using Facebook or other social media posts.
Web address grafting attack (Pharming) -- an attack that invades the DNS cache.
For more types of phishing, please refer to: http://bit.ly/3Jq2YLG
Image source: Freepik