Cellopoint Prevents Sensitive Enterprise Information Leaks

Taipei–April 15 , 2008Ordinary email phishing activities no longer satisfy the appetites of hackers; what they are looking to catch now are the big whales. The Cellopoint Global Anti-Spam Center recently intercepted a number of phishing emails directed at enterprise CEOs claiming to contain a witness subpoena to appear in court. However, the email actually contained an executable file, which was a Trojan horse process that would seize computer data. Cellopoint Lab research discovered that the application of this type of socially engineered phishing email is extremely effective. And because the recipient is the CEO, the email is readily assumed to be genuine and thus opened for viewing.

When the email is opened, it automatically opens a hidden browser window on the recipient’s computer and installs malware, transmitting personal information, financial information as well as credential files. The data leak may or may not be small, however when it occurs on a CEO’s computer, the trade secrets that could be implicated would have serious consequences. Furthermore, with the stolen credentials and signatures, hackers can pose as the CEO and send out other phishing emails. Because they have signature authentication, phishing emails can easily gain the trust of others and produce even more deception. And in particular once the credentials of senior government organizations are compromised, hackers can issue official documents or administrative orders under an assumed name, damaging the public credibility of the government.

Cellopoint’s Data Leak Prevention Program scans all email content and attachments and is able to accurately determine whether the email contains data-collection malware, and block and isolate it at the email server, enabling the enterprise to avoid the threat of information leaks.