Phishers Could Exploit CEOs on Facebook
A security company in Hong Kong warned on January 4, 2008 that executives of large organizations should make sure that the data they post on Facebook and other social networking sites is safe, or else avoid such sites completely.
The warning was issued after finance directors and CEOs of some corporations disclosed their personal information on Facebook and then began encountering spear-phishing attacks. According to security experts, spear phishers are finding targets on social networking sites and exploiting their details for identity theft and fraud, because sites like Facebook expose data on users who make worthwhile targets for attacks. It is also far more valuable to capture the details of a managing director than those of a junior employee.
Towards the end of December 2007, Network Box, a maker and seller of threat-prevention appliances, carried out an experiment that showed the extent and variety of problems in trying to pick up critical information from executives of large businesses.
Network Box's Managing Director, Simon Heron, explained her company's experiment over e-mail. She wrote that they used a counterfeit web mail account to set up a counterfeit Facebook account. The results were so impressive that they could attract any identity thief, she suggested. Computerworld published this on January 4, 2008.
Heron further explained that the experiment's bogus friend request drew the interest and acceptance of several targets, enabling Network Box to access their profiles. This, in turn, allowed mining of personal information that could help to make phishing e-mails sound legitimate.
Heron cited a notable instance of spear phishing from 2007, in which cyber criminals launched a spam campaign after hacking into the database of Monster.com and gleaning information relating to 1.3 million users who had uploaded resumes to the widely used job recruitment site.
Network Box believes that cyber criminals tend to exploit databases that are conveniently available. Incidentally, there are around 400,000 servers worldwide holding databases that are even now openly accessible on the web.
Heron therefore recommends that company executives avoid social networking sites in business deals and restrict employees from uploading company details to such pages.
» SPAMfighter News - 15-01-2008