Whaling: New Tactics in the Security Arms Race

Phishers are getting more sophisticated: instead of sending out a lot of generic phishing e-mail, they now send targeted messages to “the rich and powerful” that install trojan and key-logging software on the victim’s computer.

Thousands of high-ranking executives across the country have been receiving e-mail messages this week that appear to be official subpoenas from the United States District Court in San Diego. Each message includes the executive’s name, company and phone number, and commands the recipient to appear before a grand jury in a civil case.

A link embedded in the message purports to offer a copy of the entire subpoena. But a recipient who tries to view the document unwittingly downloads and installs software that secretly records keystrokes and sends the data to a remote computer over the Internet. This lets the criminals capture passwords and other personal or corporate information.

E-mail was not designed with security in mind, and I’m not convinced that security can be added this late in the game.

Via John Gruber.