Spear Phishing – a nasty variation of the email scam

I came across an article this evening that talked about a hack attack against Kaspersky Labs, one of the best anti-virus companies around. Coincidentally, I happen use Kaspersky anti-virus software so I had a vested interest in finding out more.

I won’t bore you with the full story but apparently the hackers gained access to the Kaspersky networks via what’s called ‘spear phishing’. Excuse me?

This is an excerpt from the best explanation I found online:

Introduction

The latest twist on phishing is spear phishing. No, it’s not a sport, it’s a scam and you’re the target. Spear phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. Learn how to protect yourself.

Email from a “Friend”

The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: “Hi Bob” instead of “Dear Sir.” The email may make reference to a “mutual friend.” Or to a recent online purchase you’ve made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it’s a company you know asking for urgent action, you may be tempted to act before thinking.

Using Your Web Presence Against You

How do you become a target of a spear phisher? From the information you put on the Internet from your PC or smartphone. For example, they might scan social networking sites, find your page, your email address, your friends list, and a recent post by you telling friends about the cool new camera you bought at an online retail site. Using that information, a spear phisher could pose as a friend, send you an email, and ask you for a password to your photo page. If you respond with the password, they’ll try that password and variations to try to access your account on that online retail site you mentioned. If they find the right one, they’ll use it to run up a nice tab for you. Or the spear phisher might use the same information to pose as somebody from the online retailer and ask you to reset your password, or re-verify your credit card number. If you do, he’ll do you financial harm.’

You can read the complete article here:

http://au.norton.com/spear-phishing-scam-not-sport/article

What I find particularly unpleasant about spear phishing is that it uses personalised attacks to take you off guard. We all know not to bite when we get an email address to Dear Customer or some such generic salutation, but when we get something specifically addressed to us? Perhaps from a company that we actually do have contact with? How many of us would think to question that nice, convenient link?

Luckily most of us aren’t important enough to justify such an attack, but that does not mean we are safe. As a matter of principle [and habit!] we should make it a rule to NEVER use links in emails, no matter how convenient they are. It’s just not worth it.

Night, night

Meeks

Advertisements

About acflory

I am the kind of person who always has to know why things are the way they are so my interests range from genetics and biology to politics and what makes people tick. For fun I play online mmorpgs, read, listen to a music, dance when I get the chance and landscape my rather large block. Work is writing. When a story I am working on is going well I'm on cloud nine. On bad days I go out and dig big holes... View all posts by acflory

9 responses to “Spear Phishing – a nasty variation of the email scam

  • davidprosser

    Another great warning to keep us from the predators. Thanks Meeks.
    xxx Massive Hugs xxx

    Like

  • Carrie Rubin

    I receive a lot of these, often sent by email addresses of friends or family. Usually I can spot it easily, because there’s just a “Hey, check this out” and a link. I know my family or friends wouldn’t do that. But sometimes, they’re more sophisticated, and now I know why based on what you said here. Scary.

    Like

  • Candy Korman

    I can’t tell you how many times I’ve received fake pleas from friends who are traveling and lost their wallets. That particular spear phisher, tries to hook you with your friends email address & name. As a lot of my friends travel, the first couple of times I paused wondering if it were true. Not anymore!

    Like

    • acflory

      I’ve received a few odd emails from friends but luckily the hackers didn’t have personal stuff to get me with so I could ignore the whole thing. But if this is the future of scams, it has me worried. We put so much personal information out there onto social media, a true personalised attack would be easy to mount. 😦

      Like

  • Lynne Cantwell

    I got an email the other day, purportedly from Amazon, saying I was such a great customer that they were giving me a $100 gift card — just click here! Uh-huh. Except I’ve never used that email address to buy anything on Amazon. And the sender’s email address was from somewhere in India. I reported them to Earthlink as spam, but it’s like playing whack-a-mole — as soon as one email address gets blocked, the spammers are up and running with another.

    Sometimes I long for the old days, when the worst thing you had to be wary of was an obscene phone call….

    Like

    • acflory

      -giggles- Oh for the days of the heavy breathers? I haven’t had one of those in donkeys years. And you’re right about the scammers – the authorities simply can’t keep up forget about getting ahead of the game. That’s one reason I’m so paranoid. I’ve got good anti-virus software but these days it’s just not enough. You have to have eyes in the back of your digital head. :/

      Like

  • EllaDee

    I think this information can’t be publicised enough. People are still getting caught out, because some of the phishers are getting really good at it… imagine what they could accomplish if they used their talents legitimately!

    Like

    • acflory

      Funny you should say that. Apparently some of the most successful antivirus companies were either founded by, or employee former hackers. 🙂 Takes one to know one?

      Like

Don't be shy!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: