Phishers Are Improving Their Chances of Success with Targeted Attacks
by Paul A. Henry - Vice President of Secure Computing - Monday, 10 April 2006.
The same fine-tuning by malicious hackers that has evolved into Targeted Phishing in the finance sector has also recently occurred at government departments and credit unions, with the credit union's own employees being the selected focus of the Phishing attack. Again, by targeting a smaller group of email addresses and sending the emails out at a rate that does not trigger common security filter alarms, this new methodology used by Phishers has the potential to dramatically improve their chances of success.
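The rate-evasion point above, as an added detection example (not from the original article): a per-sender burst threshold misses a slow, small campaign, while counting distinct internal recipients per unfamiliar sender domain over a longer window catches it. The log entries, domain names, window sizes and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_events():
    """Constructed gateway log: (time, sender_domain, recipient)."""
    t0 = datetime(2006, 4, 10, 8, 0)
    events = []
    # Bulk phish: 30 messages in 5 minutes.
    for i in range(30):
        events.append((t0 + timedelta(seconds=10 * i), "bulk.example", f"user{i}@cu.example"))
    # Targeted phish: one message every 45 minutes to 8 employees.
    for i in range(8):
        events.append((t0 + timedelta(minutes=45 * i), "cu-notice.example", f"teller{i}@cu.example"))
    # Routine partner mail: 6 messages to the same 2 recipients.
    for i in range(6):
        events.append((t0 + timedelta(hours=i), "partner.example", f"ops{i % 2}@cu.example"))
    return sorted(events)

def burst_alerts(events, window=timedelta(minutes=10), threshold=20):
    """Classic rate filter: sender domains exceeding `threshold` messages in any `window`."""
    recent, flagged = defaultdict(deque), set()
    for ts, sender, _rcpt in events:
        q = recent[sender]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(sender)
    return flagged

def slow_campaign_alerts(events, known_senders, window=timedelta(days=1), min_recipients=5):
    """Long-window check: unfamiliar sender domains reaching many distinct recipients."""
    seen, flagged = defaultdict(list), set()
    for ts, sender, rcpt in events:
        if sender in known_senders:  # established correspondents are skipped
            continue
        seen[sender].append((ts, rcpt))
        distinct = {r for t, r in seen[sender] if ts - t <= window}
        if len(distinct) >= min_recipients:
            flagged.add(sender)
    return flagged

if __name__ == "__main__":
    log = make_events()
    print("burst filter:", burst_alerts(log))
    print("long-window :", slow_campaign_alerts(log, known_senders={"partner.example"}))
```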

The BlackHat community is well known for its ability to quickly communicate new ideas for wreaking havoc on the Internet within its population. Hence it is a safe assumption that this new targeted Phishing attack methodology will spread quickly across the Internet.

For individuals who are targeted in these attacks, the typical steps to protect yourself from ordinary ID theft still apply, with minor modifications to meet the additional risks imposed by targeted ID theft:

  1. Be certain your PC's operating system is up to date with the latest security patches, as well as your antivirus and firewall software.
  2. No matter how official it looks, never click on an embedded URL contained in any email, even when it appears to come from your own organization. Manually enter the URL in your browser address bar for your banking and credit card websites.
  3. Do not fill in forms contained within email, including those that may appear to come from within your own organization. Your personal financial information should never be sent by email. Only send your personal financial information via a secure website: verify that the URL contains https:// and that the closed lock appears on the lower right-hand side of the browser for a secure website connection.
  4. Never click on an email attachment unless you know the sender and you were, in fact, expecting to receive the attachment.
  5. Monitor your banking and credit card accounts online and check for illegitimate transactions regularly.
  6. Use an online credit monitoring service that offers alerts when there are any changes to your credit report (i.e. new accounts and purchases).
  7. Register with a credit card security system that requires a password to authorize transactions, such as Verified by Visa or MasterCard SecureCode.
  8. Do not use the auto-fill facility on websites for credit card and other personal details.
  9. Use alternative secure online payment systems such as PayPal.
  10. Finally, common sense is your best defense: if it looks too good to be true, then it probably is.


For the organizations that are the subject of these attacks, beyond the typical best practices for network security, consider the following suggestions as additional risk mitigation for targeted ID theft:

COPYRIGHT 1998-2014 BY HELP NET SECURITY.