Changes in Spear Phishing Attacks
Monday, March 15, 2010 11:00
Before reading this article, please refer to my previous article on identifying phishing attacks. A number of the typical identifiers used to identify a phishing attack are no longer as important. Some recent changes made by these scam or social engineering artists make it hard to identify such e-mails as phishing attacks.
Spear phishing attacks are different from other phishing attacks in that a specific company or user is targeted. In the newer form of spear phishing attacks, there are no links to malicious or fake websites. They don’t ask users to download or install any software, or to do anything else that might look suspicious to the normal user or business owner. Instead, they try to get the user to open or create holes in their computer security. One example is asking a network administrator to open a certain port to be used by a set of specific IP addresses, which in turn allows the attacker to send spam through the e-mail servers. Other examples include requesting users to disable software-based firewalls, add or open a network share, or allow peer-to-peer file sharing. The list can go on, but this gives an idea of what is involved in this type of attack.
Now, you may ask yourself, how would anyone fall for this type of attack? Like most phishing attacks, these appear to be coming from a legitimate source such as a current vendor the business may use. There are no suspicious identifiers. Also, they do not directly ask you to open or disable some form of protection; instead, they usually ask you in an indirect fashion and in a way that is not out of the ordinary for the vendor or company you believe is making the request. As always, if you are unsure or even a little suspicious, check with the legitimate vendor or source through another means. Don’t check by replying to the suspected phishing e-mail.
These types of e-mails are not new, per se. A number of years ago, I received e-mails regarding fake viruses which told the user to search for a specific file and, if found, delete it. In reality, the file was an essential system file and if deleted, the system either crashed or would not reboot. This new phishing attack is just a modification of this type of old e-mail scam or a merger of the two types of attacks. The consequences of falling for this scam, however, are greater than just having to repair an operating system like the older e-mail scams.
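The requests described above (open a port for specific IP addresses, disable a software firewall, add a network share, allow peer-to-peer sharing) can serve as mail-triage patterns for messages that carry no link or attachment. The following Python is an added example, not part of the original article; the patterns, the `triage` function and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed patterns (assumptions), one per request type the article names.
WEAKENING_REQUESTS = {
    "open_port": r"\b(open|allow|forward|unblock)\b[^.\n]{0,60}\bport\b",
    "disable_firewall": r"\b(disable|turn off|switch off)\b[^.\n]{0,60}\bfirewall\b",
    "network_share": r"\b(add|create|open|enable)\b[^.\n]{0,60}\bshare\b",
    "p2p_sharing": r"\b(allow|enable|permit)\b[^.\n]{0,60}\b(peer-to-peer|p2p)\b",
}
URL = re.compile(r"https?://|www\.", re.I)

def triage(raw_message: str) -> dict:
    """Flag mail that asks the reader to weaken security, links or no links."""
    msg = message_from_string(raw_message, policy=default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg['subject'] or ''}\n{body}"
    requests = sorted(name for name, rx in WEAKENING_REQUESTS.items()
                      if re.search(rx, text, re.I))
    has_links = bool(URL.search(text))
    has_attachments = any(True for _ in msg.iter_attachments())
    return {
        "requests": requests,
        "has_links": has_links,
        "has_attachments": has_attachments,
        # The case the article describes: nothing for a link or attachment
        # filter to catch, yet the message asks for a security change.
        "request_without_links_or_attachments":
            bool(requests) and not (has_links or has_attachments),
        "verify_out_of_band": bool(requests),
    }

# Constructed sample messages (example domains and documentation IP ranges).
SAMPLE_SPEAR = (
    "From: support@vendor.example\nTo: admin@company.example\n"
    "Subject: Relay maintenance\n\n"
    "As part of this week's maintenance, please open port 25 on your mail\n"
    "server for our relay addresses 192.0.2.10 and 192.0.2.11. You may also\n"
    "need to disable the software firewall on that host while we test.\n"
)
SAMPLE_BENIGN = (
    "From: support@vendor.example\nSubject: Invoice 1042\n\n"
    "Your invoice is available at https://vendor.example/invoices/1042\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_SPEAR, SAMPLE_BENIGN):
        print(triage(sample))
```

A hit means the request should be confirmed with the vendor through another channel before anyone acts on it, not that the message is proven malicious.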