Executives in Direct Line of Latest Phishing Attacks

As per MessageLabs, the leading provider of e-mail security services, targeted phishing or e-mail frauds that are aimed at particular company personnel or team members, also known as spear phishing, has increased considerably in the last couple of years.

An organization that would witness around two targeted phishing messages every week in 2005, nowadays witnesses almost 10 daily, stated MessageLabs' Senior Analyst Paul Wood, as reported on November 15, 2007 by PC World.

At the start of 2007, the organization detected two occurrences of what is today being termed as whaling. During these frauds, phishers discover the name and mail ID of a firm's boss or top brasses (a data that is readily available on the Internet) and create an e-mail related to the targeted individuals and their function in the firm. The e-mail tries to tempt the executives into opening a link that would take them to a site where malicious software is downloaded onto their PC. This software is capable of tracking keystrokes or dig up classified details or company secrets.

The mails claim to be from the Better Business Bureau warning executives about a complaint put up on a site, or from an employment firm or communiqué about a bill.

MessageLabs' own messaging security service seized 514 e-mails within a span of two hours in June 2007, all of them meant for its clients, each directed at C-level executives in different companies. Yet another outbreak comprising of 1,100 phishing strikes within a span of 15 hours took place in September 2007. Every e-mail held Trojan software embedded within a Word document, and separately addressed to high-ranking company executives.

The single reason behind the transformation is the unprecedented rise in the eminence of social networking sites, such as LinkedIn and Facebook, that offers scammers the access to details such as a user's job designation and business relationship.

Moreover, as several executives reply to messages immediately, they are now more approachable than their predecessors. Next, there's the huge accessibility of illegal expertise over the net. Previously, cyber criminals had to develop and program their particular scams and viruses, these days, such skills can be easily bought online for a price.

Related article: Exhausted By New Features, Users Would Downgrade Security

» SPAMfighter News - 11/29/2007