The following article is a paper written by Alex Elam, an aspiring Cyber Security Analyst with a degree in Biochemistry (Biotech/Biohacking Specialist).


According to Spanning Cloud Apps (2022), 30,000 websites are hacked every day and over 60% of organizations in the world have experienced some form of cyber-attack. Spanning Cloud Apps also claims that the average attack has cost businesses around $4.24 million. These exploitations are known as cybercrime. Cybercrime is defined as any illegal activity that uses a computer during its commission. Five of the most common types of cybercrime are phishing, cyber extortion, data breach, identity theft, and cryptocurrency theft (Kaspersky, n.d.).

Nearly everyone with an email address has been the target of phishing by now. Phishing is when an attacker poses as a legitimate entity and sends targets emails that contain links to malicious websites. Other forms of phishing occur via SMS text messaging (smishing) and phone calls (vishing).

There are special types of phishing called spear phishing and whaling. Spear phishing targets a specific individual. This type of phishing usually requires some special research for the attacker to seem more legitimate. Dumpster diving is one way an attacker can gain information about a specific target. If an attacker goes through a target’s trash and finds out who that target is used to communicating with, the attacker will have a much greater chance of convincing the target that the attacker is a legitimate entity. Whaling is spear phishing aimed at someone who has access to data or financial accounts of great value, such as CEOs or politicians.

Facebook and Google fell victim to a phishing attack which cost the companies $100 million over a period of two years. The scheme began when the attacker created a fake company which posed as Quanta Computer, a legitimate company based in Taiwan that Facebook and Google regularly do business with. After establishing the fake company, the attacker then sent Facebook and Google a series of fake invoices between 2013 and 2015.
Since the fakes were so convincing, the accounting departments of these two companies paid the sums without giving them a second thought. With invoice scams like this, an attacker usually has access to the target’s network for weeks or months before the invoice attack is carried out. This allows the attacker to gain an understanding of what normal transactions and finances look like from the view of the target company. Attackers typically use malware to gain this valuable insight, which is usually accomplished through phishing. The Facebook/Google case could be classified as spear phishing since the attacker specifically targeted the finance teams.