Phishing Attacks Using Hostile Codes Becoming More Targeted
According to Michael Gibbons, formerly the Chief of Computer Crime Probes and currently holding a prime position in Privacy and Security Services at Deloitte, the problem with hostile code is that consumers now face more targeted phishing attacks than any other cyber crime, as reported by NextGov on June 25, 2008.
The FBI investigator disclosed that this hostile code appears to be targeting agency heads and contract administrators to acquire valuable information. Agencies should therefore raise user awareness and train employees to identify phishing attempts.
Further, according to Gibbons, phishing has long been known as a serious problem in which computer and Internet users receive e-mails pretending to be notices from authorized persons or organizations. By delivering such e-mails, phishers hope that users will follow a link and furnish them with personal information such as passwords and bank account details.
Gibbons also indicated that phishing has evolved into the most frequent cyber attack on agencies. According to the Homeland Security Department's US Computer Emergency Readiness Team, of around 63,000 cyber attacks reported to the agency during 2003-2006, nearly 42,000 were related to phishing.
However, spear phishing attacks target a specific group of individuals whose names are used in the messages, and are therefore more difficult to recognize and avoid. This type of phishing has become increasingly sophisticated and requires only a click on a link for software to be installed automatically to seize personal information.
Gibbons cited an instance of an e-mail delivered to a team of military contractors. It appeared to come from a Pentagon employee. The message contained an Excel document that apparently held information on various products to be procured.
But when recipients opened the spreadsheet attachment, they unwittingly downloaded software that recorded users' keystrokes, giving the attacker access to everything typed on their PCs, including usernames and passwords.
In another example, Gibbons tried to show how, when a recipient clicked on a link in the e-mail, hostile code linked a genuine site's IP address to an imposter site that asked for personal information.
» SPAMfighter News - 14-07-2008