We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

15,000 caught by 'spear-phishing' attack

Two crime groups believed to be behind scam

Two groups of criminals have stolen data from an estimated 15,000 victims over the past 15 months, using targeted 'spear-phishing' email attacks, according to researchers at Verisign.

Verisign has tracked 66 of these attacks since February 2007 and believes that two shadowy crime groups are behind 95 percent of the incidents.

Unlike traditional phishing attacks, which are sent to millions in hopes of luring some victims to fake websites, spear-phishing emails contain personal information, such as the name of the victim or his employer's name to make them appear legitimate. In the attacks tracked by Verisign, victims are tricked into visiting malicious websites or opening malicious attachments, which then give attackers a back door onto their PCs so they can steal information.

Click here for Computex 2008 breaking news

After tinkering with their attack techniques in the first few months of 2007, the spear-phishers appear to be stepping up their campaigns.

Attacks have spiked over the past two months, said Matthew Richard, director of Verisign's iDefense Rapid Response Team. "The bad guys have really fine-tuned both the delivery methods... as well as their use of the data," he said. "All the emails target businesses in some form or another. "

In April, they launched their most successful spear-phish to date. A targeted emailing was sent to corporate executives, informing them that they had been sued. This attack worked well because it was novel, Richard said. "The subpoena one really took people off guard," he said. "Especially at the executive level. That fear of litigation certainly scared people."

In May, over 2,000 victims were compromised with spear-phish e-mails claiming to come from the US Internal Revenue Service, the United States Tax Court, and the Better Business Bureau, according to Verisign.

Verisign does not expect the spear-phishers to give up anytime soon."Now that they have developed this well-tuned system, they will just keep doing it over and over again" Richard said.

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Swatch launches a colourful smartwatch

IDG UK Sites

New Apple TV 2015 release date rumours: TV streaming service delayed, hand gesture interface being...