5. When spear phishers strike
Posted on 17 Jun 2008 at 10:38
Gaffe rating: 311
Web 2.0 and Software as a Service (SaaS) have become the biggest buzzwords of the past couple of years, attracting attention from the media and the malicious alike. Indeed, the internet underworld is realising it's just too sweet a honeypot to ignore, as CRM vendor Salesforce.com discovered last year.
The company was snared by a classic spear phishing technique, where a highly targeted social engineering exploit is unleashed upon a single employee to gain further access to more profitable accounts. In the case of Salesforce.com, the profitable account was one that enabled the hacker to access and copy a customer contact database including first and last names, company names, email addresses and telephone numbers of Salesforce.com customers. It was all the ammunition required to launch a further phishing spree on those customers, this time with the added bonus of having all that personal data to add authority to the scam.
Remember that not all phishers are Nigerian princes with an urge to share their bounty with the residents of Croydon. Always question why someone who has your account information should be asking out of the blue for you to repeat, add or update it. Spear phishing exploits make it harder than ever to spot the bad guy, because they will have invested time and money in making you believe. Bottom line: follow company security policy and don't reveal login information to anyone outside of its remit.
Next: 4. Most wanted: FBI distributes worm
Author: Davey Winder
From around the web
For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on pictures@dennis.co.uk
advertisement
- Windows 8 on ARM to run desktop apps... but only Office
- Windows 8 pauses desktop apps to save energy
- Mobiles boost Apple profits... and there's more to come
- Ubuntu rips up drop-down menus
- RIM founders fall on their swords
- Microsoft to tweak Windows 8 Start screen
- Weak PC sales expected to hit Microsoft's profits
- 802.11ac routers to hit 800Mbit/sec this year
- Asus Transformer Prime gets HD upgrade
- Netgear brings apps to routers for “smart networks”
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
advertisement
Printed from www.pcpro.co.uk