Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition, the emails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization.
Some attackers have become so sophisticated in their efforts that they research known employees on Internet social sites and then craft an e-mail that appears to come from someone who is known to the intended target. Spear-phishing attacks are efforts to get employees to click on e-mail attachments.
Generally speaking I sure hope that people aren’t blindly opening attachments just because an e-mail appears to come from someone they know. Everyone does realize that it is possible to fake an e-mail’s from address, right?
In my previous post I mentioned the data breach that occurred in Utah based on a weak password that was used. Both of these events highlight the need for a privileged account management product like Quest One Privileged Password Manager. It’s not enough to simply rely on an e-mail looking like it comes from a friend or co-worker. You need multiple levels of protection in your organization to protect your critical data and systems.
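One such layer, as an added example that is not from the original post: a Python check that refuses to trust a From line claiming an internal domain unless the organisation's own mail gateway recorded a DMARC pass. The domain `example.com`, the gateway identifier `mx.example.com` and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organisation's own domains
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id stamped by our own gateway

def _domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To style header ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def _auth_results(msg):
    """Collect spf/dkim/dmarc results, but only from headers our own gateway added."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can supply this header too, so skip foreign authserv-ids
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results[method] = result.lower()
    return results

def assess(raw):
    """Return reasons the message should not be trusted on its From line alone."""
    msg = message_from_string(raw)
    findings = []
    from_dom = _domain(msg.get("From"))
    if from_dom in INTERNAL_DOMAINS and _auth_results(msg).get("dmarc") != "pass":
        findings.append("internal From domain without a trusted dmarc=pass")
    reply_dom = _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To domain differs from From domain")
    return findings

# Constructed sample: looks internal, but the gateway recorded failures.
SPOOFED = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.test; dmarc=fail header.from=example.com
Authentication-Results: other.invalid; dmarc=pass header.from=example.com
From: "Jane Doe" <jane.doe@example.com>
Reply-To: jane.doe@mailer.test
Subject: Updated schedule

See attachment.
"""
# Constructed sample: same visible sender, authenticated by the gateway.
GENUINE = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
From: "Jane Doe" <jane.doe@example.com>
Subject: Updated schedule

See attachment.
"""
```

The check only holds if the gateway strips any inbound Authentication-Results header that already carries its own identifier before adding its verdict.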
1 comment:
I read this one too, and I wonder when we (rather, the targeted employees) get to the point that they simply can't trust external email any more and must take a step back and start using, say, the phone? (Where they can do wetware voiceprint authentication of the source)