News
Spear-phishing Attacks Hook 15,000
Verisign estimates that spear-phishing attacks have taken in 15,000 victims over the past 15 months.
By Robert McMillan, IDG News Service (San Francisco Bureau)
June 09, 2008 —
Two groups of criminals have stolen data from an estimated 15,000 victims over the past 15 months, using targeted "spear-phishing" e-mail attacks, according to researchers at Verisign.
Verisign has tracked 66 of these attacks since February 2007 and believes that two shadowy crime groups are behind 95 percent of the incidents.
Unlike traditional phishing attacks, which are sent to millions in hopes of luring some victims to fake Web sites, spear-phishing emails contain personal information, such as the name of the victim or his employer's name to make them appear legitimate. In the attacks tracked by Verisign, victims are tricked into visiting malicious Web sites or opening malicious attachments, which then give attackers a back door onto their PCs so they can steal information.
After tinkering with their attack techniques in the first few months of 2007, the spear-phishers appear to be stepping up their campaigns.
Attacks have spiked over the past two months, said Matthew Richard, director of Verisign's iDefense Rapid Response Team. "The bad guys have really fine-tuned both the delivery methods... as well as their use of the data," he said. "All the e-mails target businesses in some form or another."
In April, they launched their most successful spear-phish to date. A targeted e-mailing was sent to corporate executives, informing them that they had been sued. This attack worked well because it was novel, Richard said. "The subpoena one really took people off guard," he said. "Especially at the executive level. That fear of litigation certainly scared people."
In May, over 2,000 victims were compromised with spear-phish e-mails claiming to come from the U.S. Internal Revenue Service, the United States Tax Court, and the Better Business Bureau, according to Verisign.
Verisign does not expect the spear-phishers to give up anytime soon."Now that they have developed this well-tuned system, they will just keep doing it over and over again" Richard said.
Other stories by Robert McMillan
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Maximizing Site Visitor Trust Using Extended Validation SSL
Now with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.
Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on Symantec.Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is?Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say.7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions.E-LOAN Maintains Reputation as a Privacy Leader with Symantec Data Loss Prevention
Learn how this implementation of a DLP solution helps ensure customer trust and loyalty.
- Enterprise Management Associates: Taking the Botnet Threat Seriously
- Practical Role Management: Real-World Approaches to a Complex Problem
- The Case for Business Software Assurance ~ Securing Your Applications
- The Latest Advancements in SSL Technology
- Maximizing Site Visitor Trust Using Extended Validation SSL
- How to Offer the Strongest SSL Encryption
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
