Spear phishing tactics convincing, insidious
NEW YORK (8/14/12)--Cybercriminals are tricking more victims with a potent, authentic-looking scam that is highly targeted, contains some personal information, and hooks even the most tech-savvy individuals (Smartmoney.com Aug. 6).
A few years ago, con artists filled inboxes with blast e-mails asking for credit card and account numbers, passwords and other personal information, hoping for a few bites. That was phishing. Now spear phishing has become a more profitable scam.
Instead of sending an e-mail to millions of people randomly, spear phishers target their victims, such as employees of a specific financial institution or business. They want the wealth of information in those computer files--names, addresses, or account numbers. Anyone--or any organization--dealing with customers, clients, members, or patients is a potential target of spear phishers.
Most cybercriminals use social engineering--the practice of manipulating human emotions, interest, or desires to obtain a specific response--to get you to disclose crucial information. They craft the e-mail to make it look like it came from someone you know, and the personal nature of the attack makes it extremely seductive.
In one case a physician and faculty member of a university medical center received an e-mail that looked like it was from his information technology department. He was asked for his computer login information as part of an "upgrade" to the center's computer, and he gave it. What ensued was a gold mine for identity thieves--they had access not only to the doctor's personal information, but also to the personal information of hundreds of his patients.
Other innocent-looking tactics are equally dangerous. You could get an e-mail that appears to come from a co-worker or your human resources department, asking you to add some personal information to a company database. Scammers are getting better at generating legitimate-looking e-mail templates and building the malware needed to infect computers and intercept your communications.
Take steps to avoid being scammed:
Home & Family FinanceŽ Resource Center