January 14, 2013

Spear Phishing

Last week I heard about a different type of email scam, called "spear phishing," which tries to load malware on systems. It differs from regular phishing in that it is targeted at specific individuals by name, whereas regular phishing may just say "Dear customer" or "Dear user@domain.com."
The phisher finds out the individual's name and email address, frequently directly from the company website. He then sends the email to specific individuals, usually saying something like "Mr. Big asked me to send this to you," using a verifiable name from within the company. If any one person opens it, malware can be downloaded to the system and problems can begin. That happened to the South Carolina Department of Revenue in August 2012, and the malware gave the perpetrators access to "millions of Social Security numbers, bank account information and thousands of credit and debit card numbers." So even if you get an email that mentions you by name and claims to be from someone you know, it is OK to be paranoid and make sure it is genuine, or you could open yourself and your company to major problems. To learn more about spear phishing, just enter the term into a search engine and you can see many more examples.

