With targeted phishing attacks on the rise, it’s no surprise that cybercriminals are doing their research and aiming at those
with the most to lose – executives.
According to security vendor MessageLabs, targeted phishing – e-mail scams that are directed at certain employees at an organization or members of a group, also called
spear phishing – has grown significantly in the past two years. In 2005, the company would see roughly two targeted phishing
e-mails per week; the company now sees roughly 10 per day, according to Paul Wood, senior analyst with MessageLabs.
Earlier this year, the company spotted two outbreaks of what is now being called whaling. In these scams, phishers find the
name and e-mail address of a company’s top executive or handful of executives – often information freely available on the
Web – and craft an e-mail specific to those people and their role at the company. The e-mail attempts to lure the executives
into clicking on a link that will bring them to a Web site where malware that can copy keystrokes or ferret out sensitive
information or corporate secrets is downloaded onto their machine, according to Wood. The e-mails purport to be from the Better Business Bureau to alert the executives of a complaint posted on a Web site, or from a recruitment company, or to carry information about an invoice,
Wood says.
In June, MessageLabs’ hosted e-mail security service caught 514 e-mails bound for its customers, all targeted at C-level executives
in various organizations, in a two-hour period. In September, another blast consisted of 1,100 whaling attacks within 15 hours.
The company believes the same organization is behind the blasts.
What’s unique about whaling is its reliance on research and social engineering. Traditionally, spam, and to some extent phishing,
depends on reaching the greatest number of people with the smallest amount of effort, considering the response rate to these
e-mail abuses tends to be minuscule but still enough to make the practice worth it. With whaling, the sender must do some
upfront research about the target as well as the subject in order to craft an e-mail that sounds convincing, says Wood.