Subscribe via RSS ... Subscribe via e-mail ... Follow me on Twitter ... Follow me on Facebook ...

«
»

Fraudsters hone their attacks with spear phishing

Mar 3rd, 2010 by

Nice article I’ve found on Infoworld.com about the evaluation of phishing and its latest appearance in form of spear phishing (the method Megapanzer is used).

Fraudsters hone their attacks with spear phishing

In my previous column, I said that the No. 1 way to reduce IT security risks in your organization is to “simply” prevent end-users from installing stuff they shouldn’t. This, of course, is much easier said than done.

Although infected innocent Web sites results in a large percentage of security breaches, fraudulent emails still abound. Unfortunately, long gone are the days when it was easy to identify malicious phishing email by their strange subject lines and horrible grammar.

Today’s phishers, at the very least, are grammatically correct. The ones without enough education or experience to use language correctly naturally made less money and fell out of the criminal business early on; either that, or they hired smarter people.

The next generation of phishing messages, which is still prevalent today, strongly resembles legitimate messages from our banks, cable companies, online electronic payment services, and credit card companies. Everything in the emails looks legitimate, including the graphics that originate from the real company’s Website. (The ones that included a notice to watch out for fake phishing messages always made me giggle.) The only thing that’s fake in the entire message is the link that victims are required to click to complete the requested action.

This form of phishing is pretty effective, but the messages at least contain a small clue (the bogus URL link) to users that they should evaluate the legitimacy of the request. Today’s browsers, with antiphishing features, might even warn an end-user against loading the bogus site.

But now end-users are being targeted by a new form of phishing, called “spear phishing,” which specifically targets a user or company. Spear-phishing emails look more authentic than the aforementioned breed, often including the user’s complete name or referring to a real project that the user is working on. Spear phishers often gather this information by doing tactical research or even breaking into a database, and it’s effective enough to fool even the savviest end-users.

Read more here.

tags: , ,

posted in News & media

Leave a comment


But please respect the commenting rules. Critizism is appreciated and also general comments of course. If you're rude, I have to delete your comment. Also use your personal/nick name but avoid using business names. Have fun and thanks for participating the discussion.