Spear Phishing: The Big Catch

by TMG

by 

The latest in phishing attacks, spear phishing is a more targeted version of the scam in which victims are cherry-picked. Instead of sending out mass e-mails to random victims, hoping someone will “take the bait,” spear phishing artists target individuals or certain groups of people who have something in common (i.e. they bank together, work together or transact with the same retailer, etc).

Spear phishing is all about the details. The fraudsters have done their homework and already have some pieces of information. They use a victim’s name specifically or craft their communication to appear as though it’s from a trusted source, like a retailer or bank the victim does business with. This helps the fraudsters achieve their nefarious objective – to gather more meaningful information from the victim. With this information, they can access existing accounts, or worse, open new ones under a false identity.

Another tactic of spear fishermen is to send attachments with e-mails, such as PDF files, or emails including web links in the body of the email. Once clicked, these documents and links release devious malware onto victims’ computers. Because malware allows hackers access to files, keystrokes, passwords, and more, the victims have essentially opened their personal data files to the criminals.

Spear phishing scammers with bigger fish to fry craft their schemes to gain access to businesses and corporations. These entities are, unfortunately, becoming more vulnerable as employees, including C-suite executives and others with access to sensitive data, files and accounts, engage in online social behavior that exposes their private information in new ways. This makes that homework much easier for the scammers.

continue reading »