Spear Phishing Targets Famous Social Networking Websites

LinkedIn, a famous social networking website for professionals, has recently become a new target of “spear phishing”. Hackers customized e-mails with information they found on LinkedIn, then sent those e-mails with Trojan horses to steal usernames and passwords. Spear phishing is an e-mail spoofing fraud that uses social engineering techniques to target a specific organization, seeking unauthorized access to confidential data such as personal bank details and business secrets. It can basically turn your PC into a zombie.

Cellopoint Global Anti-spam Center (CGAC) announced that these spear phishing messages, titled “We managed to export the list of business contacts you have asked for,” came from a legitimate website. The apparent source of the e-mail is an individual, and the message includes the recipient's correct username and e-mail address. This raises the suspicion that LinkedIn might have divulged some personal information. The hackers choose to reveal recipients’ correct usernames and e-mail addresses in order to increase the credibility of the mail. Most users have grown used to receiving newsletters and notices from trusted social networking sites, which makes it difficult to tell whether these kinds of e-mails are genuine or fake.

The e-mail analysis experts from Cellopoint pointed out that the probability of success of spear phishing is dramatically higher than that of traditional phishing by junk mail. Most people can easily recognize general junk mail but have no way to defend against a spear phishing attack, because spear phishers usually hide in the dark and attack without any warning. Beyond the passive preventive and protective measures available at present, the most important thing is to monitor the company's or organization's network, and especially to control and audit the content of all incoming and outgoing e-mails, whether they are sent to an external or internal network. The mails must be scanned by appropriate auditing products to make sure no sensitive information is leaking out. Even if one of the employees’ computers is hacked by a Trojan horse, the e-mail auditing system can reduce the chance of leakage of sensitive data.