Spear Phishing: can it fool me?

Recent articles in the news remind me that anyone can be fooled by a good scam. The problem is always the trust we give to the communication we receive. It is not just a financial problem (remember the Madoff scam?) but a problem that can hit anyone; even experts can fall for it.
The most recent was the hack that occurred at Oak Ridge National Laboratory, but it is just the latest in an endless series. The RSA SecurID breach was also prepared with spear phishing.
What is spear phishing? Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. It is, in other words, targeted phishing built to capture the trust of a specific organization or group of people.
Believe it or not, it is highly effective, but it requires some preparation. The mail has to be correctly formatted, and the language used has to be the right one. In other words, it requires good knowledge of the target to be effective.
Like financial scams, which are usually perpetrated by apparently honest and trustworthy gentlemen, spear phishing (and phishing in general) needs to present itself as an official communication coming from a trustworthy source. If it can also mention private facts or internal knowledge, it is more effective.
Collecting that information is not so complicated: Facebook, for example, is usually a great source of info, as are LinkedIn and other social networks. Blogs and forums should not be forgotten either.
The first step is gathering information, the more the better. This could partially explain why there have recently been so many thefts of personal data, as in the Epsilon case. The more data a scammer has, the easier and more effective it will be to create the scam.
So even the most secure organization can be fooled. Can we protect ourselves?
Well, education, DLP and a great email-security engine would be of use, as well as some web protection, since the link between mail and web is always strong.
But the best defense would be a little more awareness of the risk, and keeping in mind that anyone (yes, me too) can be fooled.
cheers
Antonio

Antonio Ieranò
CSO, Cyber Security Architect, technical evangelist, consultant, writer, journalist and trainer
CC BY-NC-SA 4.0 Spear Phishing: can it fool me? by The Puchi Herald Magazine is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.