I just came across an article written earlier this month by Grant Buckler at ITBusiness.ca titled "Phishing lines crossed in the electronic ocean". In it, he outlines a new form of spear phishing attack which I can easily see growing in use. Here's what Grant said:
"
Clemens Martin, director of IT programs and the Hacker Research Lab at the University of Ontario Institute of Technology, recently gave a demonstration of spear phishing. Users receive an e-mail claiming to be from the company's IT department and formatted exactly like a real e-mail from IT. It says everyone has to change their passwords. In the e-mail is a link to what appears to be an internal Web site. Users click on the link and see a screen asking them to enter their old passwords, then to enter new passwords. Everything looks above board.
But the real destination of the link is not what users see in the e-mail — though it is real-sounding enough that those who spot the difference may still be fooled — and the Web site is a spoof hosted somewhere outside the company.
When a user falls for it, the phisher captures his or her user name and password, which can then be used to gain access to the company's systems.
With scams this sophisticated, fighting phishing is no longer just a matter of warning your mother to be careful about e-mail messages claiming to be from her bank.
"
I completely agree. Most enterprises are under the illusion that phishing is something that only happens to financial institutions. What they don't understand is that as organized crime rolls onto the scene, these groups are now running very sophisticated, targeted campaigns against many medium-sized businesses. What can you do to reduce your risk?
1. Continually educate your employees about the danger of clicking on links in email or instant messages. This is how approximately 77% of online attacks start. Through education, you can reduce the overall enterprise risk.
2. Continually watch for domain names that are very similar to yours. This should become a daily exercise in IT departments. When you find one, immediately let your users know that they may be subject to an attack.
3. Use additional layers of authentication strength behind the firewall as the risk of a given action grows.
4. Use transaction authentication around the enterprise crown jewels.
5. Use content filtering on all outbound traffic through the firewall to catch the precious jewels that are being stolen despite your best efforts.
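To make item 2 concrete, here is an added example (my own illustration, not code from Grant's article or the ITBusiness.ca piece) of the daily lookalike-domain check an IT department could script. It generates the common typosquat variants of a company's own domain (dropped or transposed characters, confusable substitutions such as "rn" for "m", hyphen insertion, "-it"/"-login" style affixes, and TLD swaps), then flags any domain in a feed of recently seen names that either matches a generated variant or sits within a small edit distance of the real name. The company domain "acme-widgets.com", the confusable table, the affix list and the feed of "newly seen" domains are all constructed for the example; in practice the feed would come from a newly registered domain service, passive DNS, or the mail gateway's sender logs.

```python
"""Daily lookalike-domain check (added example; not from the original post).

Generates common typosquat variants of a company's own domain and flags any
of them that appear in a feed of recently observed domains. The feed here is
a constructed sample list; in practice it would come from a newly-registered
domain feed, passive DNS, or mail-gateway sender logs.
"""
import itertools

# Confusable substitutions commonly seen in lookalike domains (assumed table).
CONFUSABLES = {
    "o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "rn": ["m"], "w": ["vv"],
}
TLD_SWAPS = ["com", "net", "org", "co", "biz"]


def split_domain(domain):
    """'example.com' -> ('example', 'com'); only the last label is treated as the TLD."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def generate_variants(domain):
    """Return the set of lookalike candidates for one registrable domain."""
    name, tld = split_domain(domain)
    variants = set()
    # 1. single-character omission: exampl.com
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])
    # 2. adjacent transposition: exmaple.com
    for i in range(len(name) - 1):
        variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    # 3. character repetition: exaample.com
    for i in range(len(name)):
        variants.add(name[:i] + name[i] + name[i:])
    # 4. confusable substitution: examp1e.com, exarnple.com
    for src, repls in CONFUSABLES.items():
        start = 0
        while (pos := name.find(src, start)) != -1:
            for r in repls:
                variants.add(name[:pos] + r + name[pos + len(src):])
            start = pos + 1
    # 5. hyphen insertion and "internal department" affixes: ex-ample.com, example-it.com
    for i in range(1, len(name)):
        variants.add(name[:i] + "-" + name[i:])
    for affix in ("it", "mail", "login", "secure", "sso"):
        variants.add(f"{name}-{affix}")
        variants.add(f"{affix}-{name}")
    variants.discard(name)
    # Pair every name variant with every TLD, plus the real name under other TLDs.
    out = {f"{v}.{t}" for v, t in itertools.product(variants | {name}, TLD_SWAPS + [tld])}
    out.discard(domain.lower())
    return out


def levenshtein(a, b):
    """Edit distance; catches near-misses the generator does not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(own_domain, observed, max_distance=2):
    """Return (domain, reason) for observed domains that resemble own_domain."""
    own_name, _ = split_domain(own_domain)
    variants = generate_variants(own_domain)
    hits = []
    for d in observed:
        d = d.lower().strip()
        if d == own_domain.lower():
            continue
        name, _ = split_domain(d)
        if d in variants:
            hits.append((d, "generated-variant"))
        elif levenshtein(name, own_name) <= max_distance:
            hits.append((d, f"edit-distance<={max_distance}"))
    return hits


# Constructed sample feed of "newly seen" domains (not real data).
SAMPLE_FEED = [
    "acme-widgets.com",      # the company itself, ignored
    "acme-widgets.net",      # TLD swap
    "acme-wigdets.com",      # transposition
    "acrne-widgets.com",     # rn -> m confusable
    "acme-widgets-it.com",   # "IT department" suffix
    "weather-report.org",    # unrelated, must not alert
    "acmewidgets.com",       # hyphen dropped
    "acme-widgetz.co",       # not enumerated, caught by edit distance
]

if __name__ == "__main__":
    for domain, reason in find_lookalikes("acme-widgets.com", SAMPLE_FEED):
        print(f"ALERT {domain:24s} {reason}")
```

Run daily against the previous day's feed and treat every hit as a candidate for a user warning (item 2) and, where your mail gateway supports it, a sender block. The edit-distance fallback is deliberately loose (distance 2) because attackers do not limit themselves to the substitutions a generator enumerates; expect to tune it for short domain names, where distance 2 covers too many legitimate names.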
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com