Phishing Campaign Targets U.S. Gov't Employees
United States government employees are being told to avoid placing too much personal information on social media sites or other public pages. Phishers recently used that sort of data to target public workers in the energy sector.
A phishing campaign involves using fake forms and websites to lure victims into providing sensitive personal information, from names and addresses to credit card data.
Conference List Used for Email Attacks
According to reports, phishers used a public list of conference attendees to attack public energy sector workers. The conference list provided the phishers with names, email addresses, organizational affiliations, and even job titles.
The hackers then used this information to construct a highly specific phishing campaign. This involved malicious emails sent to people who attended the conference.
The phishers used the list information to pose as a conference attendee and send emails requesting recipients click on an attached link. That link took victims to a site that installed malware on their computers.
The good news: it doesn't appear anyone fell for the trap. "Luckily no known infections or intrusions occurred," noted the Department of Homeland Security (DHS) in a recent statement. (Source: pcworld.com)
DHS Warns Against Posting Personal Data Online
To prevent similar strategies from working in the future, the DHS is warning all public sector employees to take care with the information they post online.
"Publicly accessibly information commonly found on social media, as well as professional organization and industry conference Web sites is a recognized resource for attackers performing reconnaissance activities," the DHS noted in its recent Industrial Control Systems Computer Emergency Response Team (ICS-CERT) report. (Source: gsnmagazine.com)
The DHS hopes that not only will public employees limit the amount of information they post to the web in the future, but that they'll contact web sites that have posted personal information about them in the past and have that data removed.
Of course, these are useful tips for everyone, and not just public employees. Remember that posting personal information online does provide hackers with the tools to target you in the future.
How to Fix: Windows 10 Upgrade Failed Error 80240020
Can I Cancel my Windows 10 Reservation and Reserve Later?
- How to Clean Install Windows 10 using Windows 7, 8 License
- No Service Packs For Windows 10; Support ends 2025
- Will Windows 10 Install Automatically?
- Windows 10 Upgrade: Do I have to Reinstall Programs?
- Windows 10 Upgrade: Can I choose 32-bit or 64-bit?
- Which Version of Windows 10 Will I Get (Home or Pro)?
- How to Reserve Windows 10 Upgrade (Free)
- How to Fix: CPU Not Compatible with Windows 10 Error
- Windows 10 Upgrade: Can I keep my Old Windows Install?
- How to Cancel Windows 10 Reservation (Properly)
- Download Windows 10 .ISO (DVD) for Clean Install?
- Microsoft: Windows 10 Will Be The Last Version
- Windows 10 to Natively Support iOS, Android Apps
- Does Windows 10 require the CPU to support PAE?
- Windows 10: Can I Upgrade or do I need a Clean Install?