zoneH- Scammers going 'spear-phishing' now
Online criminals trying to pry passwords and other sensitive information out of companies have started using phony e-mail messages to pose as powerful executives of the targeted organisations.
Known as “spear-phishing”, the technique is an ingenious wrinkle on the “phishing” e-mail scams that try to trick consumers into giving up bank account information and other sensitive details that can be used in identity theft.
Businesses are typically reluctant to publicly disclose when they are the target of online attacks, but online security company MessageLabs said in June that it has reached the point where it now sees one to two spear-phishing campaigns a week.
Rather than posing as a bank or other online business, spear phishers send e-mail to employees at a company or government agency, making it appear that the e-mail comes from a powerful person within the organisation.
It works wonderfully if you’re a bad guy.
Unlike basic phishing attacks, which are sent out indiscriminately, spear-phishers target only one organisation at a time. Once they trick employees into giving up passwords, they can install “Trojan horses” or other malicious software programs that ferret out corporate or government secrets.
Spear-phishing has emerged as one of several kinds of “targeted attacks” that experts say have grown more common in 2005.
Though such attacks are difficult to trace, many compromised machines seem to be reporting back to Internet addresses in the Far East, according to a report by Britain’s National Infrastructure Security Co-Ordination Centre.
Spear-phishing can be devastatingly effective even among employees who are aware of online threats.
At the US Military Academy in West Point, New York, several internet tests found that cadets were all too willing to give sensitive information to an attacker posing as a high-ranking officer.
It’s the colonel effect. Anyone with the rank of colonel or higher, you execute the order first and ask questions later.
Cadets in more recent tests have been somewhat more likely to report the message as suspicious as awareness has grown.
Employee education helps counteract the threat, but these attacks will remain rampant until e-mail verification schemes come into widespread use, said Dave Jevans, chairman of the Anti-Phishing Working Group, a group of banks and online retailers formed to fight the problem. - Reuters
-scammers on the go-