Kiwis to remain Watchful of Extremely Advanced Targeted scam E-mails

Auckland, New Zealand-based SMX the security company for cloud e-mail has issued an alert to its associates and clients that there has been a security problem after many incidences of extremely advanced personalized e-mail scams referred to as 'spear phishing,' occurred and are continuing together with 'whaling' assaults, published securitywatch.co.nz dated September 7, 2015.

When people employed in any organization are targeted with e-mail fraud involving spoofed e-mails that are socially engineered for extracting money, the process is described as 'spear phishing.'

'Whaling' is described as the process of utilizing identical techniques of spear phishing, but targeted at chief people in the organization who're in senior positions normally a chief financial official.

Chief Technology Officer and Co-Founder Thom Hooker of SMX states that his company was witness to assaults that occurred within real-time in which soon as there was a 'whale' attached to the assaults, the perpetrators bought fresh domains like those that intended victims used so their organizations could be defrauded into sending money abroad.

According to Hooker, in one actual whaling attack against one major SMX client a travel firm, scammers dispatched one fully genuine looking email to that firm's chief financial officer (CFO) with the message appearing as communication from the chief executive officer (CEO) of that firm. Reportedly, in that e-mail, there was a request to send NZ$305,700 (USD192,000) to certain account of a foreign bank. Stuff.co.nz published this, September 7, 2015.

Unwittingly, there was an e-mail reply from the CFO following which the actual recipient of the e-mail, the scammers, got themselves one fresh ".com" Web-address registered that looked like the mentioned firm's real address, while they utilized the fake address to continue e-mail exchanges.

The described whaling attack is a most suitable example as it shows how when a whale is hooked the scammers instead of simply making their attack widespread they first select the companies whose senior personnel they target and then make sophisticated attack schemes by taking the cues from those targets' e-mal replies.

The crux of the story, it's important to train employees of organizations about security awareness associated with possible spear phishing and whaling attacks.

» SPAMfighter News - 9/14/2015