Data Breaches Could Lead to Spear Phishing
Recent massive data breaches could lead to increased spear phishing attacks in coming months, according to an Internet security specialist.
Spear phishing is the personalized version of phishing. Cyber fraudsters target a specific individual through emails aimed at luring that person, typically a C-level executive or other high-level employee with access to large amounts of funds, into providing access online.
In its First Quarter eCrime Trends Report, Internet Identity of Tacoma, Wash., said its analysis shows phishing scams up 12% compared to the first quarter of 2010 overall. And with millions of email addresses and other inside information apparently harvested by attackers in the Sony PlayStation Network and Epsilon breaches, targeted attacks could be rising, the company said.
“The worry is that with all of this specific data, cyber criminals have all they need to convince people to share their highly valuable personal information. Organizations must ensure they are taking every measure to stop these attacks including blocking access to phishing sites, and command and control domains for malware that exfiltrates data. This should be done in email filtering, firewalls, and at their domain name system resolvers,” said IID President/Chief Technology Officer Rod Rasmussen.
Rasmussen said the quarterly data also show that rogue mobile applications “utilizing the likeness of banks were downloaded hundreds of thousands of times.”