The aim of spear phishing is to trick the victim into opening a malicious attachment or clicking a link to a site with malware exploits
Spear phishing attacks on the Internet
Spear phishing is one of the most widespread techniques on the Internet and represents one of the greatest threats to businesses and users. The term 'spear phishing' refers to an attack launched against a specific target. In this type of scam, the criminal sends an email to employees of a particular company, impersonating an officer or member of that company. The message requests user names, passwords, or other confidential information in order to gain access to the company's computer systems.
According to the Ecuadorian David Andrade, a specialist in new technologies, this form of attack carries a higher risk than other cyber scams. Those behind these scams make their emails appear to come from co-workers and even from the company's own network administrators.
The ultimate goal is to trick the victim into opening a malicious attachment or clicking a link to malware or to a site with security exploits, thus initiating the compromise of the victim's network.
All of this raises the question of why spear phishing is so successful. The answer is that criminals do their homework.
They treat the Internet as their own big-data set, harvesting small fragments of information from different places and combining them into a very detailed profile of potential targets. There are huge criminal databases of stolen data. This week it was revealed that a nationwide insurance group in the United States had the personal data of 1.1 million Americans stolen, including "Social Security number, driver's license number and/or date of birth and possibly marital status, sex and occupation, and the name and address of their employer." A couple of months ago, 3.6 million taxpayers in South Carolina had their details stolen from the Department of Revenue (itself through a phishing attack).
Recent spear phishing attempts have targeted the personal Gmail accounts of hundreds of government officials, military personnel in the United States and Asia, and activists, in order to collect their contents. Spear phishing allows hackers to control users' email accounts for months.
A study of threats of this kind carried out by Websense Security produced the following main findings:
· 92 percent of unwanted e-mail (spam) contains a URL.
· Approximately 1.62 percent of all spam can be considered phishing.
· While this might seem insubstantial, it can be put in perspective by the fact that spam campaigns can reach more than 250,000 emails per hour and that the percentage of junk e-mail related to a virus was only 0.4 percent. Phishing attempts exceed malicious executables in e-mail volume.
· The United States continues to dominate in the volume of phishing URLs hosted in the country.
The top 10 countries hosting phishing URLs (according to research carried out from September 2011 to September 2012):
1. United States
6. United Kingdom
10. Russian Federation
These targeted attacks seek not economic benefit but intelligence, and have become an important weapon in the cyber-espionage battle being waged in secret across the network. According to Lobban, director of GCHQ, British government departments and agencies are the target of 1000 spear phishing attacks every month.
Since there is always a risk of falling victim to online and e-mail fraud, here are some ways to protect yourself if you think that an e-mail from a friend is actually a phishing attempt:
Make sure that your user name and password are safe: a hack-resistant password makes you less susceptible to regular phishing attempts.
Change your passwords monthly. Although it can be difficult to remember passwords that are changed frequently, doing so helps keep them safe, and sites such as Sticky Password can help keep your passwords organized.
Beware of unusual alert messages. Successful cyber criminals do their research about you before sending such messages. They comb through web sites, blogs and social networking sites to get an idea of what type of information can provoke a rapid response. For example, a cyber criminal will use threatening subject lines and e-mail content, such as "your credit card has been suspended", just to lure you into interacting with them. Don't play their game.
In general, the web sites of banks, agencies and student associations will never ask for personal information to be sent back via e-mail. If you have to fill out a web form that asks for personal information, consider going to the bank's home page by typing its address manually into the browser, and update the information that way. Otherwise, consider calling the organization and talking to someone before you change personal information online.
Never click links in an e-mail message that requests personal or financial information. Instead, type the Web address in the browser window.
Incoming email: implement a solution that checks the safety of a link sent by e-mail at the moment a user clicks on it. This protects against a new phishing tactic I've seen cybercriminals use. They send a URL in an email to their targets so that it passes the organization's e-mail security checks. Another tactic is injecting malicious code into the site immediately after the email has been delivered. Such a URL gets past any standard spam solution.
Set an automatic calendar reminder to change your passwords every month, or at least every three months.
Check the e-mail's source code. It is recommended to click "Show original" in Gmail, which lets you view the original source of the message. If you see lines of text that are letters and numbers, that code represents a phishing scam.
Don't give out your phone number: cybercriminals are increasingly creative. We have seen criminals increasingly call targeted employees and request information. For example, some criminals call pretending to be the help desk and say they need to reset passwords. If in doubt, go to the source. If something seems off or you do not know the person, ask for their contact information and verify it.
Report any e-mail message that you suspect could be part of a "spear phishing" campaign directed against the company.
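As an added illustration of the "Show original" check described above (example code, not part of the original article), the following Python code parses a raw message source and flags a Reply-To or Return-Path domain that differs from the From domain, authentication results other than "pass", and links whose visible text names a different host than the one they lead to. The sample message, its domains and the function names are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Constructed sample message source; every name and domain is a placeholder.
RAW = """\
From: "IT Help Desk" <helpdesk@example-corp.com>
Reply-To: helpdesk@examp1e-corp.net
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=mailer.invalid; dkim=none
Content-Type: text/html; charset="utf-8"

<p>Confirm your account:
<a href="http://login.examp1e-corp.net/reset">https://intranet.example-corp.com/reset</a></p>
"""
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain(value):
    """Host of a URL, or the domain part of an e-mail address header."""
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()

def inspect_message(raw):
    """Return warnings for one raw message; each is a reason to look closer, not proof."""
    msg = message_from_string(raw)
    warnings = []
    sender = domain(msg.get("From", ""))
    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        value = msg.get(header)
        if value and domain(value) != sender:
            warnings.append(f"{header} domain {domain(value)} differs from From domain {sender}")
    # Verdicts recorded by the receiving mail server, when present.
    results = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", results)
        if m and m.group(1) != "pass":
            warnings.append(f"{check} result is {m.group(1)}")
    # Links whose displayed URL and real destination are on different hosts.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in LINK.findall(body):
            shown = re.sub(r"<[^>]+>", "", text).strip()
            if "://" in shown and domain(shown) != domain(href):
                warnings.append(f"link shows {domain(shown)} but goes to {domain(href)}")
    return warnings

if __name__ == "__main__":
    print("\n".join(inspect_message(RAW)))
```

Legitimate bulk mail often has a Return-Path on a different domain, so the warnings are best read together rather than one at a time.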