Malware

New phishing scam targets high level executives

A new phishing attack has been circulating lately, but instead of trying to dupe millions of computer users into giving up their financial information, this one is aimed at high level executives. The email scam purports to notify the executive about court proceedings and tries to get them to click a link that installs keylogging software as well as software designed to let a hacker take control of the computer.

A new phishing attack has been circulating lately, but instead of trying to dupe millions of computer users into giving up their financial information, this one is aimed at high level executives. The e-mail scam purports to notify the executive about court proceedings and tries to get them to click a link that installs keylogging software as well as software designed to let a hacker take control of the computer. Unfortunately, social engineering, the process of tricking a user into trusting requests from a hacker, is getting to be a major problem, and if the hackers are successful in their latest attack, they could be holding some valuable passwords.

Larger Prey Are Targets of Phishing (New York Times)

The government is responding by closing thousands of paths from their networks to the Internet as a result of an order by President Bush. At least one security researcher has begun to develop software that will allow him to infect hacking tools with his own malware as security in those tools is lacking.

"Most malware authors are not the most careful programmers," Eriksson said. "They may be good, but they are not the most careful about security."

However, security concerns are not all about hackers on the outside getting in. Some of the biggest security breaches are actually committed on the inside of a computer network by its own users and one of the major culprits is unsecured USB flash drives.

Defenseless on the Net (Business Week)

Security Guru Gives Hackers a Taste of Their Own Medicine (Wired)

Flash Drives Threaten Security (PC World)

Many if not most users are used to phishing scams by now. I probably get at least four or five a day, with most pretending to be a bank or other financial institution that needs to "verify your information." Many speculate that the vast majority of phishing scams originate in China, but the unsettling part of this newest attack is the fact that financial institutions were heavily attacked, in particular one sector that a security researcher declined to identify for security reasons. How do you cope with the rising tide of hacking attempts?

--------------------------------------------------------------------------------

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

8 comments
support
support

Social Engineering: Because there is no patch for human stupidity!

Andy J. Moon
Andy J. Moon

The defenses most of us have around us are considerable. Email filters try to capture these types of attacks, anti-virus and anti-malware software detect and clean infections, and IT professionals are hired to manage these services and look for signs of infections not caught by the software. However, one thing that can improve the situation dramatically is training. Users who are well trained to spot the warning signs are unlikely to be affected by such scams. They develop a healthy sense of skepticism and the ability to search places like Snopes.com to avoid being taken in by scammers. What controls do you have to avoid phishing attacks and fix infected computers?

RealGem
RealGem

I get almost zero spam at home and I don't have a filter. It's because I don't give out my email address to everybody that asks for it. I don't allow it to be published. If people were just a little smarter, they too could save themselves the hassle.

dennis
dennis

Pay close attention to the details. Our CFO received one of these telling him about a lawsuit. He ask me to look at it because if there was really a lawsuit, it would most likely come by certified mail or sheriff's department delivery. Going to the website, it looked very professional, as if it was a US Goverment web site complete with their logo's and banners. But the domain was not us.gov or anything close. And the IP address was common to spam. Looking at the letter itself, the date format was day-month-year, not the US convention of month-day-year. And finally, there was incorrect grammer usage. So we sent it to the bit bucket for recycling.

DancinKatieh
DancinKatieh

You can only train the trainable. I talk with execs ALL day everyday about risks like these and how NOT to click on everything they see and they do it anyway and then claim "I don't know what happened".