Client Testimonial
"Many IT service providers are more interested in selling hardware than providing a prompt and value adding service. This is not the case with Dual Layer." read more »
Director
Harmony Capital
Client Login
Username:
Password:
 Quick Contact
Name:
Phone:
Email:
Spear Phishing’ attacks Companies and Governments
Category : General 06 Dec 2010 05:22 AM | Industry News
These spear phishing mails generally included URLs that reportedly direct victims to a webpage with images, greeting card, but, in reality would take them to websites where login credential stealing (like iStealer - presently with a very stumpy detection rate on VirusTotal) and isolated administration (such as CyberGate) software would attempt to get installed secretly on the victim's system.
Neil Schwartzman, Senior Director of security strategy at e-mail security provider Return Path Inc, stated that the spear phishing attacks have attacked mail marketing companies that deal with opt-in campaigns for some of the major corporate brands, as per the reports by krebsonsecurity.com on November 25, 2010.
Schwartzman added that this is a systematic, deliberate and harmful attack which targets the industry-grade email deployment systems.
Lastly, in order to curb all kinds of spear phishing mails, security experts recommend some simple security tips- though sophisticated in nature, spam mails will continue to have some grammatical or spelling errors, if users get any mail which appears suspicious they should confirm it from the respective company or the sender.
Criminals need some inside information on their targets to convince them the e-mails are legitimate. They often obtain it by hacking into an organization’s computer network (which is what happened in the above case) or sometimes by combing through other websites, blogs, and social networking sites.
Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data.
Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.
Spear phishing can also trick you into downloading malicious codes or malware after you click on a link embedded in the e-mail…an especially useful tool in crimes like economic espionage where sensitive internal communications can be accessed and trade secrets stolen. Malware can also hijack your computer, and hijacked computers can be organized into enormous networks called botnets that can be used for denial of service attacks.