Skip to navigation

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.

Analysis

5. When spear phishers strike

Posted on 17 Jun 2008 at 10:38

Gaffe rating: 311

Web 2.0 and Software as a Service (SaaS) have become the biggest buzzwords of the past couple of years, attracting attention from the media and the malicious alike. Indeed, the internet underworld is realising it's just too sweet a honeypot to ignore, as CRM vendor Salesforce.com discovered last year.

The company was snared by a classic spear phishing technique, where a highly targeted social engineering exploit is unleashed upon a single employee to gain further access to more profitable accounts. In the case of Salesforce.com, the profitable account was one that enabled the hacker to access and copy a customer contact database including first and last names, company names, email addresses and telephone numbers of Salesforce.com customers. It was all the ammunition required to launch a further phishing spree on those customers, this time with the added bonus of having all that personal data to add authority to the scam.

Remember that not all phishers are Nigerian princes with an urge to share their bounty with the residents of Croydon. Always question why someone who has your account information should be asking out of the blue for you to repeat, add or update it. Spear phishing exploits make it harder than ever to spot the bad guy, because they will have invested time and money in making you believe. Bottom line: follow company security policy and don't reveal login information to anyone outside of its remit.

Next: 4. Most wanted: FBI distributes worm

The 10 worst security gaffes

Author: Davey Winder

Be the first to comment this article

You need to Login or Register to comment.

(optional)

advertisement

Most Commented Features
Latest News Stories Subscribe to our RSS Feeds
Latest Blog Posts Subscribe to our RSS Feeds
Latest Reviews Subscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2008