Oct 23, 2012
6 Most Evil Phishing Scams of 2012
IT can invest millions in advanced defenses, but it’s all out the window if an attacker waltzes in the front door using a valid password gained via some combination of con job and malware. All it takes is a clever phishing email that appears to come from an employee’s own IT department and, before you know it, the bad guys are in your network and either publicly wreaking havoc or stealthily making off with valuable data.
If your end users think of phishing as the ham-handed emails from Nigerian princes or barristers representing deceased wealthy Europeans who want to share their riches, you have a real problem. Today’s phishing expeditions are far more clever. Lures may look like they come from reputable businesses, such as PayPal, eBay or even an employee’s own bank. They could even appear to emanate from an internal address in the guise of looking for information, preying on the natural human desire to be helpful. Simply clicking a link, even if the victim doesn’t do anything once on a rogue site, could mean downloading malware or a keylogger, thus giving the bad guys easy access. And all it takes is one careless or naïve user.
Phishers are making use of social networks and information gleaned from hacks, anything to get an edge. Throughout this report, we’ll highlight six of the most evil phishing attempts seen by an array of experts, and how IT can defend against such insidious attacks. (S5891012)