Spear Phishers Target Telecom Firm’s Customers
FBI officials recently became aware of a new e-mail scam in which consumers using the services of a telecommunications company received phishing e-mail.
Reportedly, the e-mail asked its recipients to visit the telecom firm's website through a given Web-link to give some of their private information such as Social Security number and date of birth. However, both the website and the e-mail happened to be bogus, as per the news published by fbi.gov on April 1, 2010.
An FBI official stated that the e-mail is truly a typical instance of phishing wherein cyber thieves trap innocent victims with formal appearing e-mails that entice them with bogus websites seeking personal information.
Moreover, the assault represents a still more malicious kind of phishing called "spear phishing," which is a highly prevalent Internet threat.
Criminals of spear phishing attacks do not dispatch bulk e-mails, rather they pick up specific group of individuals who belong to the same organization or share a common service. This can mean that the individuals work in a common company, order to buy goods from a common website, use a common banking service, go to a common college, etc.
The spear phishers dispatch e-mails, which appear authentic to the specific targets and present legitimate descriptions with an element of urgency.
Commenting on this kind of problem, security researchers stated that once cyber-criminals gain users' personal data, they can reach the latter's bank accounts, utilize their credit cards and/or establish an entirely new identity based on the stolen data.
According to Ed Skoudis, Founder and Senior Security Consultant at InGuardians, the latest spear phishing attack is an old yet good assault as it's an extremely targeted e-mail having a malicious file attachment or an unsafe Web-link resulting in client-side exploit, as per the news published by nextgov on April 6, 2010.
To conclude, according to security researchers, spear phishing attacks can be best avoided if users don't follow Web-links given in e-mails, rather type in the URLs directly into their browsers. Also, they must run an anti-phishing filter.
Related article: Spyware Detection Programs Track Advertisers’ Cookies
» SPAMfighter News - 16-04-2010