Phishing Campaign Targets U.S. Gov't Employees
United States government employees are being told to avoid placing too much personal information on social media sites or other public pages. Phishers recently used that sort of data to target public workers in the energy sector.
A phishing campaign involves using fake forms and websites to lure victims into providing sensitive personal information, from names and addresses to credit card data.
Conference List Used for Email Attacks
According to reports, phishers used a public list of conference attendees to attack public energy sector workers. The conference list provided the phishers with names, email addresses, organizational affiliations, and even job titles.
The hackers then used this information to construct a highly specific phishing campaign. This involved malicious emails sent to people who attended the conference.
The phishers used the list information to pose as a conference attendee and send emails requesting recipients click on an attached link. That link took victims to a site that installed malware on their computers.
The good news: it doesn't appear anyone fell for the trap. "Luckily no known infections or intrusions occurred," noted the Department of Homeland Security (DHS) in a recent statement. (Source: pcworld.com)
DHS Warns Against Posting Personal Data Online
To prevent similar strategies from working in the future, the DHS is warning all public sector employees to take care with the information they post online.
"Publicly accessibly information commonly found on social media, as well as professional organization and industry conference Web sites is a recognized resource for attackers performing reconnaissance activities," the DHS noted in its recent Industrial Control Systems Computer Emergency Response Team (ICS-CERT) report. (Source: gsnmagazine.com)
The DHS hopes that not only will public employees limit the amount of information they post to the web in the future, but that they'll contact web sites that have posted personal information about them in the past and have that data removed.
Of course, these are useful tips for everyone, and not just public employees. Remember that posting personal information online does provide hackers with the tools to target you in the future.