FBI Cautions Internet-Users of ‘Missing Children’ Related Spear-Phishing E-mail
US' Federal Bureau of Investigation (FBI) is warning Internet-users about one spear-phishing electronic mail which poses as coming from a 1984 founded organization namely National Center for Missing and Exploited Children, which lately took up the role of clearinghouse for the country regarding problems associated with sexually exploited as also missing children, published 7thspace.com dated August 26, 2013.
Using a header "Search for Missing Children," the malicious e-mail contains one zipped folder as an attachment having 3 malevolent files.
Telling more about the e-mail campaign, Darrell Foxworth, Special Agent of the San Diego Field Office of FBI stated that the zipped attachment in the e-mail consisted of harmful files hunting down 'usernames and passwords' type of confidential data. Santee.patch.com published this dated August 26, 2013.
Internet-crooks who manage to get such information are likely to utilize it for committing intellectual property theft, setting up false identities or hacking into financial accounts, says FBI.
Foxworth opines all organizations, business or otherwise, are in danger of getting attacked with a spear-phishing campaign. As different from simple phishing e-mail assaults, spear-phishing assaults are not arbitrary. They're targeted at specific employees for making them take down something from the Internet, which enables the scammers gain admission into the enterprise's PC-network.
However, for remaining safe from spear-phishing or more kinds of targeted assaults, the US-CERT (United States Computer Emergency Readiness Team) of Department of Homeland Security (DHS) advises certain actions. These are being cautious of unsolicited else unanticipated electronic mails having web-links/attachments, particularly if the messages seem associated with known events, and not clicking web-links or viewing attachments inside the kind of uninvited dubious e-mails.
Secondly, watching out for and informing about doubtful operations, like spear phishing incidences. Thirdly, educating Internet-users of e-mail phishing and social engineering associated with complex meetings and events. Fourthly, no employee getting a dubious message online overlooking informing about it to his office as per the latter's security policy.
Recipients of such messages may even inform the FBI via lodging one formal complaint at the agency's website www.ic3.gov. Moreover, the telephone number, e-mail id and website of US-CERT are 888-282-0870, SOC@us-cert.gov, and www.us-cert.gov respectively.
» SPAMfighter News - 30-08-2013