The Norman Transcript

September 30, 2012

Spear phishing emails work all too well



NORMAN — By now, most of us have seen so-called “phishing” emails, designed by scammers to separate us from our money. These messages look legitimate, as if they are from bona fide companies trying to protect us, directing us to log in and “verify” our online accounts. They are, of course, totally fake.

For the past few years, more sophisticated phishing email scams have appeared, called “spear phishing.” The word “spear” has been added because these bogus emails are much more targeted and focused in their approach, including personal details such as your name, the company you work for, and even your street address. In addition, they seem to come from someone you actually know. Spear phishing is proving to be a much more lucrative con than old-fashioned phishing.

Spear phishing’s success is in the details. Would a spear phishing attack fool you? Imagine your name is Bob Everyman and you work for Acme Widgets at 123 Main Street. You get an official-looking email from “John” in the Acme Widgets I.T. department that says, “Dear Bob Everyman. We have noticed increased spam activity on the company network, with spammers trying to access company email accounts. To end this problem, we are issuing new passwords for all email accounts.”

“Please reply to this message by sending us your current password and we will issue you a new alpha-numeric password for your email account. Thank you for helping enhance email security at Acme Widgets.” The message is signed by “John Jones, Acme Widgets I.T. Department” and includes the correct company address and phone number. Plus, the company logo is right there at the top of the message.

Would you do it? Would you send “John the I.T. guy” your password?

Computer security guru Bruce Schneier, quoted by the New York Times, describes the situation like this: “It’s a really nasty tactic because it’s so personalized. It’s an e-mail from your mother saying she needs your Social Security number for the will she’s doing. This is hacking the person, it’s not hacking the computer.”

Research by security firm FireEye has noted that spear phishing emails often try to trick the recipient into downloading dangerous attachments seemingly related to some sort of important mail delivery or parcel shipment. Shipping and postage-related words are some of the most common words included as part of the names of these attachments.

Popular attachment names used by the bad guys include DHL document.zip, Fedex_Invoice.zip, and Label_Parcel_IS741-1345US.zip. Also popular are words like notification, delivery, label, invoice and post.

“One way cybercriminals fool users is by sending files purporting to be notifications about express shipments,” FireEye states in their research. “Given the ubiquity of these services, and their inherent importance and urgency, users are being compelled to open malicious files labeled with shipping-related terms.”

The Federal Trade Commission manages a website called OnGuard Online, which has some good ideas on computer safety. The website has an amusing game you can play to test your spear phishing IQ at onguardonline.gov/media/game-0011-phishing-scams. There are also some clever videos that are good for a laugh, as well as good information; take a look.

Dave Moore has been performing computer consulting, repairs, security and networking in Oklahoma since 1984. He also teaches computer safety workshops for public and private organizations. He can be reached at 405-919-9901 or www.davemoorecomputers.com.
