Phishing for Big Fish

Dennis Faas's picture

The most powerful and in most cases rich people in the United States are becoming lavish targets for online phishers. Emails disguised as reports from the Better Business Bureau, Internal Revenue Service, and random look-a-like business partners are fooling corporate executives, and it's costing them big.

We can't blame the boss entirely, however. This most recent phishing campaign is a well-designed one, perhaps because of its well-respected and lucrative intended audience. The emails, typically packed with malware, carry few of the red flags associated with most phishing outbreaks of this kind.

According to Dave Jevans, chairman of the Anti-Phishing Working Group, "When you get one of these things...they're so well crafted, they look real." (Source: computerworld.com)

So, what's the threat?

Like most phishing campaigns, this one attempts to snatch personal details, the most succulent of which are executive financial records and passwords. Those who open emails laced with infected attachments are unknowingly downloading malware that can soak up banking account information and other critical materials. Jevans believes it represents an opportunity for crooks that is far more rewarding than a few small purchases on a credit card, the typical phishing bounty. (Source: pcworld.com)

Why are so many being duped?

Given the size of the treasure chest, phishing pirates have devised an especially intelligent scheme. Emails include legitimate company and employee names, enough to catch most business users off guard. It's a significant change from the typical spelling and grammar horror story associated with most malware email threats.

The loss of vital records and log-in information isn't the only issue, either. Some of the attachments give phishing goons the ability to remotely control a user's entire machine, all the while navigating a hard drive for other goodies.

Although few middle-management or cubicle laborers will feel sympathy for the man (or woman) at the top, these phishing campaigns clearly represent an enormous hazard to the upper echelon, and in some ways the "heart" of America's corporations.

| Tags:
Rate this article: 
No votes yet