What is Phishing
Phishing is electronic trickery with malicious intent. In most cases it is an attack that is designed to steal sensitive information from the victim and/or infect their system with malware.
What is Spear Phishing
Spear Phishing is a targeted phishing attack. Unlike phishing attacks that casts a wide net and rely on a small percentage of victims, spear phishing is customized and targeted to the victims. Spear Phishing contain multiple attributes that make the email seem legit. The email typically contains the victim’s name, the name of a credible vendor or associate and an operation that the victim routinely perform. As an example, Mary Jones in Accounts Payable may receive an email that may look like it is from one of her vendors that is requesting status on an overdue payment. The moment the email attachment is opened her computer can get compromised. Similarly, if she clicks on any link in the email her system and accounts can get compromised.
The most common motivation for phishing is financial gain. As mentioned before, phishing usually casts a very wide net and is a massive success for the attacker even if they manage to get a handful of victims. It is a very low tech crime that requires few resources and little technical knowhow. Once the user’s credentials are compromised, these credentials can often be used by the attacker to get access to their account and then drain their accounts. Users often reuse their passwords. This allows the attacker to reuse the compromised credentials against other websites, email accounts, financial accounts and social media. Every compromised account and site leaks more information for the attacker that can be monetized. In most cases, the compromise of email account can easily result in compromise of all other accounts.
How does ReAn Help
ReAn protects against the most common phishing attack that targets compromise of security credentials. A phishing site is different from real site in many ways. While it may “look” the same to humans, it is natural for computers and for ReAn to see that the phishing site and real site are different. ReAn uses this key principle to generate unique password for every site. So even if the end user falls for a phishing email and ends up generating the password, the password generated by ReAn will be completely useless on any real site. The attacker can therefore NOT use those credentials in any way. ReAn will therefore protect the user against the most common phishing attack.