Targeted Phishing is an evolution of the art and is easily pulled off:
Creating a list of prospective victims within an organization is easy. Freely downloadable tools like “Atomic Harvester” are available on the Internet that allow anyone to scour web pages and newsgroup postings for email addresses at any given domain (e.g. *@yourbank.com) in order to develop a selection of high-probability targets. Further, inadequately protected mail servers allow a phisher to harvest an organization’s entire email address directory simply by using the common “Expand” command, which returns all of the individual email addresses behind common email group aliases such as firstname.lastname@example.org or email@example.com
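A mail administrator can check whether the server has been answering such requests. The sketch below is an added example, not part of the original article: it scans SMTP session records for the Expand command (EXPN in SMTP) and its sibling VRFY, and reports which clients received real mailbox data. The log layout, function name and sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log: timestamp, client IP, SMTP command, argument, reply code.
# The layout is an assumption for this example, not any particular MTA's log format.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 203.0.113.7 EXPN all-staff 250
2024-05-01T09:00:02Z 203.0.113.7 EXPN tellers 250
2024-05-01T09:00:03Z 203.0.113.7 VRFY jsmith 252
2024-05-01T09:04:10Z 198.51.100.23 EXPN all-staff 502
2024-05-01T09:05:00Z 192.0.2.10 MAIL FROM:<news@example.net> 250
garbled line that should be skipped
"""

# Only EXPN/VRFY records match; everything else (MAIL, RCPT, junk) is ignored.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(EXPN|VRFY)\s+(\S+)\s+(\d{3})$", re.IGNORECASE)


def audit_directory_probes(log_text):
    """Return {client_ip: {"attempts": n, "disclosed": [...], "verdict": str}}."""
    findings = defaultdict(lambda: {"attempts": 0, "disclosed": []})
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not an EXPN/VRFY record, or malformed
        _ts, client, command, target, code = match.groups()
        entry = findings[client]
        entry["attempts"] += 1
        # 250/251: the server answered with mailbox data (directory disclosed).
        # 252: "cannot verify", reveals nothing. 5xx: command refused or disabled.
        if code in ("250", "251"):
            entry["disclosed"].append((command.upper(), target))
    for entry in findings.values():
        entry["verdict"] = "EXPOSED" if entry["disclosed"] else "probe refused"
    return dict(findings)


if __name__ == "__main__":
    for ip, result in sorted(audit_directory_probes(SAMPLE_LOG).items()):
        print(ip, result["verdict"], result["attempts"], result["disclosed"])
```

Where a client is reported as EXPOSED, the remedy is on the mail server itself: disable EXPN and VRFY (sendmail's `noexpn` and `novrfy` privacy options, for example) so that alias membership is never returned.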
The same fine-tuning by malicious hackers that has evolved into Targeted Phishing in the finance sector has also recently occurred at government departments and credit unions, where credit union employees are the selected focus of the Phishing attack on the credit union. Again, by targeting a smaller group of email addresses and sending the emails out at a rate that does not trigger common security filter alarms, this new methodology has the potential to dramatically improve Phishers' chances of success.
The BlackHat community is well known for its ability to quickly communicate new ideas for wreaking havoc on the Internet within its population. Hence it is a safe assumption that this new targeted Phishing attack methodology will spread quickly across the Internet.
For individuals who are targeted in these attacks, the typical steps to protect yourself from ordinary ID Theft still apply, with minor modifications to meet the additional risks imposed by targeted ID theft: