|
The Increasing Threat of Spear Phishing
Phishing is the sending of electronic messages (e-mail or instant messages) that attempt to fool the recipient into disclosing private information. Most people have received such messages alleging to be from a financial institution directing the recipient to a particular fraudulent Web site. Spear phishing is a highly targeted form of phishing in which locally relevant facts are used in an attempt to gain the confidence of the recipient.Recently, a pair of attacks against employees at Oak Ridge National Laboratory was very successful. One message claimed to be from a Federal Trade Commission investigator; the other invited employees to register for an internal conference. In total, more than 1,000 people were tricked by those messages.
Similar attacks have been reported against a large number of universities. In many cases, the targets of the attacks were university administrators or researchers. One of the goals of the attackers appears to be gaining access to research data and research computing facilities.
Employees should never include private information in a reply to an unsolicited message, even one that appears to come from a known source. Additionally, Web links included in unsolicited messages can be deceiving. It is better to retype the URL into a Web browser than to trust a “hot link” that may not go where it claims to go.
This is not a Microsoft, Macintosh, or Linux issue. It is about exploiting human trust. For more information on spear phishing and protecting oneself, please visit the Microsoft “Protect Yourself” Web site. It can be reached by entering www.microsoft.com/protect/yourself into your Web browser.
 |
ITforUM is the Information Technology Newsletter for the University of Maryland, published by the Office of Information Technology. Letters to the editor and article suggestions are welcome. Please send correspondence to ITforUM@umd.edu. Staff Credits | Archive. © 2008 University of Maryland. |