FBI/IC3 warns of growing spear-phishing attacks

FBI: Spear-phishing more often than not begins with a targeted email

Criminal spear phishing attacks are on the rise, so much so that the FBI and Internet Crime Complaint Center issued a warning about them.

Spear-phishing more often than not begins with a targeted email that contains a malicious attachment threat tries to get the victim to open it. Often, the FBI said, e-mails contain accurate information about victims obtained via a previous intrusion, or from data posted on social networking sites, blogs, or other websites. This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the e-mail and respond as directed.

[NEWS: Quick look: 10 cool analog computers]

"Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software or malware harvests details such as the victim's usernames and passwords, bank account details, credit card numbers, and other personal information. The criminals can also gain access to private networks and cause disruptions, or steal intellectual property and trade secrets," the FBI stated.

The FBI notes that to avoid becoming a victim, keep in mind that online businesses, including banks and merchants, typically will not ask for personal information, such as usernames and passwords, via e-mail. When in doubt either call the company directly or open your computer's Internet browser and type the known website's address. Don't use the telephone number contained in the e-mail, which is likely to be fraudulent as well.

 A recent story by our sister site, the IDG News Service said that 91% of targeted attacks start with spear- phishing email, according to Trend Micro. Trend Micro said five key target organizations including government ministries, technology companies, media outlets, academic research institutions and non-governmental agencies.

 Threats are not new and IT departments have already seen various kinds of advanced persistent threats (APTs) or malware-based espionage attacks that have been around for years. Recent years have seen "noisier" campaigns within the security community, and now are learning to combat the emerging new and smaller campaigns.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Check out these other hot stories:

FBI/IC3 says online mug shot "extortion" a growing problem

Copper thefts measured in miles around Seattle

NASA trying to fast-track asteroid research and mitigation systems

FBI "Most Wanted" list names its 500th fugitive

To friend or not to friend: What if William Shakespeare had been a power Facebook user?

Carnegie Mellon video net brings Harry Potter Marauder's Map to life]

FAA wants all aircraft flying on unleaded fuel by 2018

After firestorm, TSA nixes notion to allow pocket knives in passenger carry-ons

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.