Beware: Spear Phishing

Safe Surfing:

Links to recommended reading about Safety, Monitoring and Filtering
 

Go To:

Back to INDEXUGN Home PageSubscribeSubmit ArticleSubmit ReviewContact

Go for it...

 

FIGHT SPAM:

Contact Senators Your Representative - - - - -

Phishers with Sharp Weapons

(Please reprint in your newsletter)

May be the next worst thing
      It's been about two years now since I first began talking about the online crime known as Phishing. Now, the criminals have honed their phishing tools into spears and are targeting unwary computer users with a very pointed weapon.

Phishing was bad enough. Online criminals committing multiple crimes by spamming millions of users then posing as favorite ecommerce institutions to steal their customers' identities. Known as the "spoof" most phishers set up fake web sites that look exactly like the users trusted web site -- eBay, PayPal, SouthTrust, and others -- and then harvest IDs and passwords for breaching private accounts. The email is fake, the links fake, the web site fake, all intended to lure in unsuspecting users.

All along, the phishing has continued to develop better ways of prying sensitive info from users. Huge networks of compromised systems (botnets) now use increasingly sophisticated techniques to probe deeper and deeper. (Study: Phishers Get More Sophisticated) But evidently the spam shotgun blasts weren't taking in enough suckers.

Now the phishers are sharpening their spears, using fake e-mails, posing as powerful executives of the targeted organizations, demanding the employee render their IDs and passwords as well as other sensitive details that can be used in identity theft. It's referred to as Spear Phishing.

Employees, fearing losing their jobs, see the (forged) sender address and (forged) reply-to address and think it must be real -- handing over their identity on a silver email. According to one article (among dozens) from eWeek last week, MessageLabs reports that they now typically see two attacks a week. The criminals do their homework, learn the company executives names and addresses and fire off an attack to that specific company or government agency. Upon gaining the password, the criminal is free to gather sensitive data from the users' computer, steal email address lists for spamming, and even plant spyware, zombies or Trojans on the user's machine. UK's NHTCU, (National Hi-Tech Crime Unit) has observed compromised machines are reporting back to Internet addresses in the Far East -- another development of grave concern for national security.

At least two Phishers go to jail

The good news is, at least the NHTCU is on the case. They snagged two virulent phishers last June who now have been sentenced to a combined 10 years in prison. Douglas Havard (U.S. citizen) and Lee Elwood (United Kingdom) were both found guilty of conspiracy to defraud and conspiracy to launder money.

According to this Paul F. Roberts article, the criminals' UK-based syndicate had links to Eastern European identity-theft rackets that is believed to have raked in over 6.5 million pounds over two years. According to NHTCU these thugs were frequenters of online communities that traded stolen credit card data -- uncovered by U.S. Secret Service (Operation Firewall) which targeted sites like Shadowcrew.com, Carderplanet.com and key members of the online carding community.

Best advice? If you get a demanding email from the boss, don't open it -- call upstairs to the head-honcho's office and ask what's up. If they don't know, be sure to tell them.

Forward ALL email Phishing attempts to:
      * spam@uce.gov
      * reportphishing@antiphishing.org
      * eBay Phishing: spoof@ebay.com
      * PayPal Phishing: spoof@paypal.com
      * Wachovia: (888) 647-3648
Protect Yourself at all times just don't open it!
      * Take Charge: Fighting Back Against Identity Theft [FTC PDF]
      * What To Do If Your Personal Information Has Been Compromised

References:
      * The Internet Spyware (I-SPY) Prevention Act [PDF]
      * H.R. 744 provides funding for anti-spam law enforcement
      * Is Someone "Phishing" for Your Information?, or [PDF]
      * How Not to Get Hooked by a 'Phishing' Scam, or [PDF]
      * Spyware, or [PDF]
      * See: FTC Internet Crime Alerts

Please add your comments or recommend good links.

UGN Site Navigation:

Return to: the top of this page, or the INDEX for this department
Exit to: The User Group Network front page
Contact: The Editor, Webmaster or Membership Director

CREDITS:

Reviewed by Fred Showker for the User Group Network News Service. (C) 2005, all rights reserved. Affiliate groups may freely republish this piece so long as they include the tag line: "From the User Group Network News Service at http://www.user-groups.net/ " ... Event dates are subject to change. Some products, programs, or promotions are not available outside the U.S. Prices are estimated retail prices and are listed in U.S. dollars. Product specifications are subject to change. Apple, the Apple logo, Mac, Mac OS, Macintosh, Power Mac, Velocity Engine, FireWire, AirPort, Safari, Sherlock, QuickTime, iLife, iTunes, iChat, iPhoto, iMovie, iDVD, iCal and Apple Store are either registered trademarks or trademarks of Apple. Other company and product names may be trademarks of their respective owners. Mention of third-party products is for informational purposes only and constitutes neither a recommendation nor an endorsement.

 

The User Group Network is a member of: The Association of Apple Computer Users & Groups, the MUG News, and is sponsored in part by: The Design & Publishing Center, The News Serve Network, and the Designers' Bookshelf. The User Group Network is the first, and the original user group network for computer users everywhere including, Apple, Mac-Pro, User Group Organization to support Macintosh, IBM PC, Microsoft, Compaq, Amiga, BE/OS, Linux, UNIX, and other leading computer platforms. Hosting services are provided by The Graphic Design Network to serve the computing community. For information about the UGNetwork, to get involved or have your own groups' home page located at user-groups.net, please contact us. Copyright 1994 through present. This site is maintained in the community interest by The Graphic Design Network c/o Showker Graphic Arts & Design, a Corporation of the Commonwealth of Virginia, Commonwealth of Virginia, 22801, Harrisonburg, VA, in the Shenandoah Valley of Virginia, established in 1972.