What's New: Spear-Phishing Fools 15,000 Since February 2007

Security researchers at Verisign believe two groups of criminals have stolen information from 15,000 people since February 2007 with highly-targeted e-mail attacks. Traditional phishing technique is to sent millions of e-mails in hopes of fooling some people. So-called "spear-phishing" messages are sent to individuals and contain data such as their name or their employer's name to make them appear legitimate (all of the e-mail attacks studied targeted businesses). If the criminals can get users to click a link in the e-mail to visit a malicious web site, they can gain a back door into the person's computer to steal information.

Verisign reports that the number of spear-phishing attacks has risen dramatically over the past two months. Researchers theorize that the criminals have honed their techniques and are becoming more aggressive.

Example spear-phishing messages include e-mails that purport to discuss legal issues such as a subpoena, or messages supposedly from the IRS, U.S. Tax Court, or the Better Business Bureau.

Friday, Jun 6, 2008 09:54 am CDT

Tell a friend about this news item!

Return to the article list...