Anti-phishing and Email Hygiene
Journalists and newsrooms are increasingly the victims of hacking and malware, and often hackers target them through their email. Virtually every “sophisticated” hack of an individual reporter or entire newsroom starts with a relatively simple attack: phishing and spear phishing.
Phishing is a social-engineering attack in which an adversary crafts an email to trick you into divulging information that could be used against you or your network; to gain access to, and ultimately commandeer, your account; or to introduce malware and/or viruses to your machine. Spear phishing is just like phishing, except the attacker uses information he or she already knows about you to specially tailor the phishing email. There are plenty of ways to be phished, and it happens incredibly frequently. Prepare yourself with our guide to mitigate or avoid phishing or spear phishing attacks.
What’s in your threat model?
Learn threat modeling. This is a technique that encourages you to clearly assess who your potential adversaries are, what exactly they would be interested in getting out of you, and what would happen to you if they succeeded. Try asking yourself, and others you work with, the following questions, and be as specific with your answers as you can.
- Who would be most likely to target me?
- How much money, time, and skill do they have to dedicate to targeting me?
- What would they most likely want from me (e.g., money, incriminating information, or access to my friends or other trusted contacts)?
- What would happen to me if they were successful?
From there, look at how you normally communicate, and try to assess where your processes are vulnerable to those specific threats. If you’d like more information about threat modeling, have a look at Jonathan Stray’s work in this field, which has helped numerous journalists.
Read the Remainder at Freedom Press