Spear Phishing: A Targeted Attack
One of the common, well-known attempts at identity theft is phishing. You may have received email asking you to do things like verify your PayPal account or your eBay account. The criminals are casting a wide ‘net’ with broadcast spam to see who will respond. Playing the numbers game, if enough spam is sent out, someone will make the error and carelessly give up their personal information.
Spear phishing is not broad spectrum spamming. It is very specific and targeted. For example, if you received an email from someone from your tech support services asking to confirm your security code, would you do it? The email is addressed directly to you and has your name in the text of the note. A glance at the email address shows that it is a company email. If you send back your security code or password, you may have been ‘phished’ - specifically, you have been ‘spear phished’. You were targeted.
Email addresses can be spoofed. And the mention of your name in the text is just social engineering. It is there to manipulate you into feeling secure and giving up the information. Obviously, in business, the senior management has access to the sensitive data. One breach there could mean a security problem involving hundreds, perhaps thousands, of files containing information for a staggering number of identity thefts.
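A company-looking sender address proves nothing by itself, but the message headers can be checked. The following is an added example, not part of the original post: it uses Python's standard email module on a constructed message with made-up addresses, and it assumes the Authentication-Results header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all names and domains are made up): the visible From
# looks like the internal help desk, but replies go to another domain and the
# receiving server recorded failed sender authentication.
SAMPLE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "IT Support" <helpdesk@example.com>
Reply-To: "IT Support" <helpdesk@example-support.test>
To: jane.doe@example.com
Subject: Please confirm your security code

Hi Jane, reply to this message with your security code.
"""

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()

def spoofing_signals(raw_message):
    """List reasons to distrust the visible From address of a message."""
    msg = message_from_string(raw_message)
    from_dom = domain(msg["From"])
    signals = []
    # A reply that would leave the sender's own domain is a classic lure.
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        signals.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Assumption: this header comes from your own mail server. A copy supplied
    # by the sender is forgeable and must not be trusted.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for method in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{method}=(\w+)", results)
        if verdict and verdict.group(1) != "pass":
            signals.append(f"sender authentication: {method}={verdict.group(1)}")
    return signals

if __name__ == "__main__":
    for signal in spoofing_signals(SAMPLE):
        print("WARNING:", signal)
```

A message with no signals is not thereby trustworthy: mail sent from a compromised internal account passes every one of these checks.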
Spear phishing is not limited to businesses. It can happen to anyone. An example is the recurring jury duty scam. In this ploy someone may call or write and tell you that you have been negligent in performing your jury duties. You may reply that you did not receive any notification. The hacker then asks you for your social security number to confirm that the documents are indeed yours. And you can guess the rest… it’s spear phishing on a smaller scale.
Obviously, the precaution is to check before giving out any sensitive information. Check thoroughly and then check again. And even then, you may want to say ‘no’…
Catherine Forsythe
Director of Operations
FlyingHamster: http://flyinghamster.com/