Even spammers evolve with time. As we become better equipped to deal with traditional spam email, spammers have had to rethink their methods of cyber attack. The result is phishing – targeted attacks that aim to gain access to highly sensitive personal or corporate data, such as usernames, passwords or credit card details, by luring unsuspecting recipients via email to a fake website disguised as a legitimate one from a trusted source. The most dangerous type of phishing is known as ‘spear phishing’, where targets are identified in advance and the email they receive contains information very specific to them.
A recent Cisco report entitled ‘Email Attacks: This Time It’s Personal’ indicates that the cost due to traditional mass spam attacks has declined by more than 50%, from US$1.1 billion in June 2010 to $500 million in June 2011, with a corresponding reduction in the volume of spam from 300 billion to 40 billion in the same time period. However, the report also estimates that targeted scams and malicious attacks have increased fourfold, from US$50 million to US$200 million, and that the overall cost of targeted attacks to organizations worldwide is $1.29 billion annually.
You are more susceptible to a spear phishing attack than you might think. Cyber criminals can find out specific details about you from websites that you visit, blogs or social networking sites. In the worst case, they hack into an organization’s computer network and find out details pertaining directly to you, such as a recent purchase. They then use that as leverage in an email to get you to go to a fake website, where you divulge even more personal details such as your birthday or social security number. A recent example is the hacking of the Sony PlayStation Network, where user information such as names, passwords, addresses and credit card numbers was stolen, putting Sony customers at serious risk of identity-theft scams.
The Federal Bureau of Investigation (FBI) suggests taking these precautions to avoid being the target of a spear phishing scam:
- Keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call (but don’t use the phone number contained in the e-mail – that’s usually phony as well).
- Use a phishing filter! Many of the latest web browsers have them built in or offer them as plug-ins.
- Never follow a link to a secure site from an e-mail – always enter the URL manually.
- Don’t be fooled (especially today) by the latest scams. Visit the Internet Crime Complaint Center (IC3) and ‘LooksTooGoodToBeTrue’ websites for tips and information.