Threat Alert: Spear Phishing

"After three unsuccessful attempts to access your account, your Online Profile has been locked. This has been done to secure your accounts and to protect your private information. You may unlock your profile by going to: ..."

Sounds like a normal phishing e-mail, right? But what if the e-mail seemed to come from the head of IT at your small business, warning about your company account? Would you click the link?

Today's phishers hope so. In fact, the excerpt above didn't appear in the usual global barrage of e-mail sent out to catch recipients with eBay or PayPal accounts. Instead, it went exclusively to students and faculty of the University of Kentucky as part of a directed, or "spear-phishing," attack against the small, 33,000-member university credit union this May. Another widely reported incident involved an Israeli company that used spear-phishing techniques to install spyware on PCs at the office of one of its competitors. - Threat Alert: Spear Phishing

Linked by shanmuga Saturday, 1st October 2005 1:14AM