|
New targeted e-mail attacks try to lure you in with specific, convincing messages. These recent targeted attacks use social engineering to trick people into who are avoiding the wider phishing e-mails. They are usually directed at employees or members of a smaller group and seem to be coming from some trusted official, such as the head of the IT Department. A recent attack went exclusively to the faculty and students of a university and was directed at their credit union while another was directed at a small Israeli company.
How spear phishing works:
The spear phisher locates a target company with a detailed online directory, and pulls a list of e-mail addresses. To furthur the illusion, the phisher picks an important person to serve as the "source" of the message. (Like a member of the IT Department) The spear phisher writes the e-mail appeal, using as many company-specific details as possible, and sends it to the target list. ("To:.. From: IT Dept..
Subj: I need your info now...) An employee falls for the attack and gives up his log-in and password. The break-in! The phisher uses the collected date to steal company information.
|
