Bob Rankin: Spear Phishing & Internet Security

bobr

By Bob Rankin

What is Spear Phishing?

Spear phishing is a more dangerous cyber attack than typically “blind” phishing or spam attempts because they lull people into a false sense of security. Consumers are on their guard against spam from sources they don’t know. But when an email seems to be from a trusted entity, or include personal details such as their name, people are more likely to do what it says.

A crude spear phish purportedly from your bank may tell you that your login information needs to be “verified” and instruct you to reply to the email with your username and password. That’s a pretty easy phish to avoid; no bank ever makes such a request. But what if the email tells you to “log on securely to our server via this linkā€¦”? Many people will do it without a second thought, and get caught without even knowing it.

Links in spear phishing emails don’t take you to the Web pages they say they will. While the highlighted text indicating a hyperlink may read, “Chase Bank” or “Your Ebay account,” the code underlying the link actually points to a Web page controlled by the phisher. When you go to that page, which is a copy of the legitimate one, you are asked to “log in” and that’s how the phisher gets your username and password. Then you may get a message saying, “server overloaded, try again later” or some other brush-off. That’s a fairly low-level technique; others are even more insidious and dangerous.

Customers of VioVet, a UK pet supplies dealer, received spear phish emails purportedly from the company, offering discount coupons if they clicked on a link in the email. The link took victims to a page which surreptitiously downloaded a malware program to their computers. The Trojan sniffed out sensitive information on the victims’ hard drives and transmitted it to the bad guys. Victims never knew what was going on.

Article continued here:

BOB’S WORLD

Internet Tourbus -> Free Newsletter

Ask Bob Rankin -> Tech Support

71 total views, 1 views today

(Visited 23 times, 1 visits today)

3 thoughts on “Bob Rankin: Spear Phishing & Internet Security

  1. Thx, that is a new one.
    My bank has 1 rule they NEVER violate!
    NO LINKS from this bank “EVER”
    I like that, how about You?

  2. Make sure the Status Bar is enabled to show up at the bottom of your e-mail client program window. When you mouse-over a link in an e-mail, the true URL will show up in t he status bar. If it is different from that in the e-mail text DO NOT CLICK IT!!!

  3. [he Trojan sniffed out sensitive information on the victims’ hard drives and transmitted it to the bad guys]

    Its like I tell my kids, if its on your computer, consider it public knowledge and/or stolen. Sensitive information belongs on paper in a locked fire resistant safe, in the basement, on a study shelf (or bank safe deposit box). And why the heck do companies still make software that offers to save passwords and personal information?

Leave a Reply

Your email address will not be published. Required fields are marked *