I understand the concept of Internet phishing and newer Web browsers sometimes ask me if I want to check whether a Web site is a phishing site, but what the heck is Internet Spear Phishing?
*Phish: n., A person who will click an unsolicited e-mail link based on assumption. (see mirror).
I understand the concept of Internet phishing and newer Web browsers sometimes ask me if I want to check whether a Web site is a phishing site, but what the heck is Internet spear phishing?
Spear phishing is precisely timed and targeted e-mail phishing. Phisherpersons shine attractively bright lights above the surface so that phish will gather closely to be easily speared. Recent greeting card and employment solicitation e-mail scams have been used to lure Internet users into providing personal information and opening their systems to malware infestation. Infected Web ads linked back to servers with information acquired from topic-focused community and commercial Web sites, tied together by self-modifying variants of the Storm e-mail worm and the PRG Trojan, appear to be being used in concert to infect workstations for botnet expansion and to collect personally identifying information for financial exploitation. Existing information is used to craft e-mails designed to catch targeted victims’ interest so they will open the e-mail(s) and click one or more of the links contained inside. Keep your antivirus software up to date. There is still a place for plain text e-mail in one’s personal security posture. Pocket computers are especially vulnerable as the operating systems and applications typically hide access to e-mail headers and raw URL href text that can be used to determine whether to trust that an e-mail is valid. Just say no to responding to unsolicited e-mails from unknown sources. Spear phishing only works when the phish come to the surface. Stay smart. Question authenticity.