Whaling and spear phishing are latest scams targeting execs
Not surprisingly, according to security vendor MessageLabs, the latest targets are executives. Finding the names of top executives is easy - they're usually found on company websites. Cybercriminals then do some research on the individuals and write e-mails that directly relate to their role at the company in hopes that they will click on a link, Network World reported. The link brings the executives to a site where malware is downloaded onto their computers that tracks their keystrokes, which can reveal sensitive information.
Source: SANS Institute.
"It's really the social engineering that has tipped the balance now; now [phishers] are becoming much more technologically sophisticated as well as applying psychology to what they're doing," said Paul Wood, senior analyst with MessageLabs. "Now they conduct a lot of research before they attack, so it becomes much more difficult to recognize those attacks," Network World reported.
Jennifer Openshaw, a MarketWatch columnist, has a few tips on sniffing out bad e-mails. Beyond the obvious advice - don't reply to suspicious e-mails or open attachments - she advises always using good antispyware and making sure your firewall is on at all times. Also, she said snopes.com is a good resource to find out if some sob story is really true, and phishing scams should be reported to the Anti-Phishing Working Group (APWG) at firstname.lastname@example.org. She also suggested typing in "phishing" and the name of the source, "IRS" or "Paypal," for example, into your search engine. You can find out if your e-mail is a scam pretty fast that way, she writes.
The APWG reports some good news, however. In a July report on trends, it said the average time online for phish sites is about 3 and a half days, versus a week in 2003. The APWG says, "Response strategies are slowly closing phishers' felonious windows of opportunity."