A new mischievous type of phishing known as "spear phishing"--is a rising cyber threat that you need to know about.
Instead of casting out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people with something in common--they may work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc.
The e-mails are ostensibly sent from organizations or individuals the potential victims would normally get e-mails from, making them even more deceptive.
How spear phishing works.
First, criminals need some inside information on their targets to convince them the e-mails are legitimate. They often obtain it by hacking into an organization's computer network (which is what happened in the above case) or sometimes by combing through other websites, blogs, and social networking sites.
Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data (or why you should change a password, etc.).
Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.
Spear phishing can also trick you into downloading malicious codes or malware after you click on a link embedded in the e-mail. Malware can also hijack your computer.
What can you do to make sure you don't fall victim to spear phishing?
Keep in mind that most companies, banks, agencies, etc., don't request personal information via e-mail. If in doubt, give them a call (but don't use the phone number contained in the e-mail--that's usually phony as well).
Use a phishing filter...many of the latest web browsers have them built in or offer them as plug-ins.
Never follow a link to a secure site from an e-mail--always enter the URL manually.
FBI Cyber Unit provides tips on how to protect your computer.
The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C), released the 2008 Annual Report on the number of Internet crime complaints received.
The 2008 Annual Report states that complaints of online crime hit a record high in 2008.
IC3 received a total of 275,284 complaints, a 33.1% increase over the previous year.
The total dollar loss linked to online fraud was $265 million, about $25 million more than in 2007.
The average individual loss amounted to $931. For details on this report click here.
For more information and valuable resources visit the FBI Internet Crime Complaint Center
Instead of casting out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people with something in common--they may work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc.
The e-mails are ostensibly sent from organizations or individuals the potential victims would normally get e-mails from, making them even more deceptive.
How spear phishing works.
First, criminals need some inside information on their targets to convince them the e-mails are legitimate. They often obtain it by hacking into an organization's computer network (which is what happened in the above case) or sometimes by combing through other websites, blogs, and social networking sites.
Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data (or why you should change a password, etc.).
Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.
Spear phishing can also trick you into downloading malicious codes or malware after you click on a link embedded in the e-mail. Malware can also hijack your computer.
What can you do to make sure you don't fall victim to spear phishing?
Keep in mind that most companies, banks, agencies, etc., don't request personal information via e-mail. If in doubt, give them a call (but don't use the phone number contained in the e-mail--that's usually phony as well).
Use a phishing filter...many of the latest web browsers have them built in or offer them as plug-ins.
Never follow a link to a secure site from an e-mail--always enter the URL manually.
FBI Cyber Unit provides tips on how to protect your computer.
The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C), released the 2008 Annual Report on the number of Internet crime complaints received.
The 2008 Annual Report states that complaints of online crime hit a record high in 2008.
IC3 received a total of 275,284 complaints, a 33.1% increase over the previous year.
The total dollar loss linked to online fraud was $265 million, about $25 million more than in 2007.
The average individual loss amounted to $931. For details on this report click here.
For more information and valuable resources visit the FBI Internet Crime Complaint Center
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Leave a comment