Spear Phishing Anyone?

April 12, 2016 at 7:31 pm

Spear Phishing

Spear Phishing Review:

If you took my CompTIA A+ 220-902 course, you remember we discussed spear phishing. As a quick review, phishing is when we have email that looks legitimate, but is really faked. It is typically an attempt to gain our personal information, or to spread malware at the very least. Spear phishing can be much more successful since it will be much more targeted. The emails might look to be from people you know in your organization, or they might already have some information about you so they look even more legitimate.

Spear Phishing in Action:

So how could something like this happen…really! Well let’s examine a recent case of it!

Here we have the true story of Charles Harvey Eccleston, an environmental scientist formerly employed by the Energy Department and the Nuclear Regulatory Commission. For unknown reasons, but enough to really anger him, Eccleston was terminated from the NRC in 2010.

Fast forward to April 2013, when Eccleston offers to provide an unnamed foreign government with more than 5,000 email addresses of all Energy Department employees for $19,000. He indicates that if the foreign government does not take the offer, he will offer the information up to China, Iran or Venezuela. He is of course selling the email addresses so that they may launch spear phishing attacks.

Thankfully the FBI catches wind of this and sets up a sting operation. In January 2015, the FBI has him target more than 80 Energy Department employees in Washington and at four national nuclear labs. The spear phishing emails contain what Eccleston thinks are links to malicious websites.  He is led to believe that, if activated, the sites could infect and damage computers. Obviously the FBI ensures that no malicious code ever gets transferred. The FBI pays Eccleston $9,000 for the fake operation and thanks him for the 1,200 email addresses (they already had!).

Eccleston now enjoys 18 months in prison for pleading guilty in February 2016 to one charge of attempting to damage protected government computers. Oh yeah, and he also has to pay back that $9,000. 🙂
Cisco Expert Level Training Programs for CCIE Routing and Switching v5.0 468x60 white

Not Your Grandfather’s CompTIA A+

March 23, 2016 at 6:15 pm

Comptia A+

When most of us think of A+ we immediately think – “oh yeah – that is the cert where you learn to build and support a PC.” That is certainly what I thought when I was thrilled to receive the teaching assignment for CBT Nuggets. Boy – have times changed! First of all – it is no longer one exam – it is two. There is 220-901 and 220-902. And most importantly, the topics really do hit the most important in our industry today. Check out some of the themes I was thrilled to teach in this exciting new cert:

  • Blade servers
  • TCP/IP
  • WiFi
  • WiFi Security
  • End System Design
  • Mobile devices and BYOD
  • Virtualization
  • Cloud Computing
  • Network Security
  • Linux
  • Mac
  • Windows
  • Troubleshooting. Troubleshooting, and More Troubleshooting
  • Communication Skills for IT

This certification is so impressive, and a better first step into the industry than ever before!

Register Today: What’s New With A+ Webinar

January 25, 2016 at 5:28 pm

The new CompTIA A+

CompTIA recently revamped its A+ certification exam. Learn about new topics and expectations for the revised certification and its two exams. Join us for our January 26 “What’s New With A+” webinar to learn more!

During the 30-minute webinar, trainer Anthony Sequeira will discuss the changes to the A+ exam, why the certification holds value for IT pros, and more. And bring questions, as Anthony will answer as many as time permits. Thinking about CompTIA A+ certification? You don’t want to miss this webinar.

What: What’s New with A+ webinar
When: 10 a.m. (Pacific Time) Tuesday, January 26, 2016
Register here.

Mark your calendars and we’ll see you there!