NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0377 Sophisticated Phishing Exploits Target Top Execs:
Phishers are developing highly sophisticated methods of
targeting high-level executives and wealthy end-users by creating bogus messages
that are more convincing than ever before. "Spear phishing" is the
practice of targeting specific organizations or users with false messages and
"whaling" is the practice of researching and targeting the wealthiest
and most influential people online. Socially engineered phishing messages are
often hard to ignore. For example, some messages not only call the user by name,
but make reference to specific pieces of real estate that the individual owns.
In many cases, references in a message appear to come from a major government
agency or authority, such as the Department of Justice or the IRS. Phishers
will also give the message a sense of immediacy, something the reader needs to
act on right away, and a link.
Collectively, these tactics can fool even a savvy user into
clicking on the link. These links usually lead to a convincing-looking web site
that extracts further personal data from the user, or they contain a Trojan or
keystroke-logging program that enables the attacker to damage or steal
information from the user's machine.
Some phishers now also include a phone number in their
message. Phone numbers were rarely used previously for such operations because
they are easy to trace. Now phishers are using Voice-over-IP (VoIP) numbers
that can be easily taken down and are difficult to trace.
(www.darkreading.com 29JAN08)