5. When spear phishers strike
Posted on 17 Jun 2008 at 10:38
Gaffe rating: 311
Web 2.0 and Software as a Service (SaaS) have become the biggest buzzwords of the past couple of years, attracting attention from the media and the malicious alike. Indeed, the internet underworld is realising it's just too sweet a honeypot to ignore, as CRM vendor Salesforce.com discovered last year.
The company was snared by a classic spear phishing technique, where a highly targeted social engineering exploit is unleashed upon a single employee to gain further access to more profitable accounts. In the case of Salesforce.com, the profitable account was one that enabled the hacker to access and copy a customer contact database including first and last names, company names, email addresses and telephone numbers of Salesforce.com customers. It was all the ammunition required to launch a further phishing spree on those customers, this time with the added bonus of having all that personal data to add authority to the scam.
Remember that not all phishers are Nigerian princes with an urge to share their bounty with the residents of Croydon. Always question why someone who has your account information should be asking out of the blue for you to repeat, add or update it. Spear phishing exploits make it harder than ever to spot the bad guy, because they will have invested time and money in making you believe. Bottom line: follow company security policy and don't reveal login information to anyone outside of its remit.
Next: 4. Most wanted: FBI distributes worm
Author: Davey Winder
From around the web
For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on pictures@dennis.co.uk
advertisement
- Mozilla: everyone should learn a little bit of code
- Google mines social network data for semantic search
- Microsoft tweaks multi-monitor support in Windows 8
- Phone sales shrink as consumers await fresh handsets
- Nvidia warns 28nm supply problems continue
- File-fixing tools to improve uptime in Windows 8
- Mozilla: Microsoft blocking rival browsers in Windows RT
- Microsoft developing sound-based gesture control
- Dell working on Ubuntu Ultrabook for developers
- Media Center to be paid-for add-on in Windows 8
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Samsung Galaxy S III review: first look
advertisement
