Research and discuss recent spear phishing attacks. Identify any trends and cover specific strategies to prevent these attacks from occurring.
Phishing refers to the use of fake Web addresses, e-mails or text messages to trick an Internet user into handing over data, which is then used to commit identity theft. A newer variant of phishing, called spear phishing, is a targeted attack. Social networking sites have also become targets for phishers, since much of the information provided on these sites can be used in identity theft. Some experiments have shown a success rate of 90% for phishing attacks on social networks. In late 2006 a computer worm took control of some pages of the website MySpace and altered links so that they pointed to a website designed to steal login information from users (Wager, 2005).
Traditional phishing is based on sending thousands of generic emails that pretend to be from a bank or another organization that manages money, in the hope of finding a member of that organization who is sufficiently unwise to respond to the invitation to provide their personal data. Spear phishing, the new and more dangerous form of attack, is instead calibrated specifically to the victim. Of course, spear-phishing attacks that directly target businesses require a lot more work than simply sending out thousands of emails posing as a consumer site.
There are examples of messages that appear to come from a service provider, from the victim's own company, or simply from the email addresses of business partners or a related company. In such scenarios, phishers often send messages to groups of addresses, asking employees to update their account information or reporting problems (of various kinds) that need to be solved. These messages have more credibility than mass attacks aimed at consumers, as they appear to be sent from a trusted business partner (Quigley, 2005).
Although there is no single method or strategy that guarantees safety from phishing attacks, there are several ways to avoid becoming a victim. Users often believe that if a vendor provides a home address, phone number, social security number or other information, then the vendor can be trusted and given more information. Such information can be found in address books and phone directories that are available online. Thus, one should not trust such emails. Also, if a vendor provides the user with his password or security information, it still does not show that the vendor can be trusted, since a legitimate vendor would never reveal such information by email. Another point to take care of is never to click links in the email such as ebay.something.com. If you still think that you should check, visit the official website and then search for whatever is mentioned in the email. It is wise not to register personal details at any address or in reply to any email that looks suspicious. Otherwise, even if it does not look suspicious, one ...
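The advice about links such as ebay.something.com can be turned into an automated check. The following Python sketch is an added example, not part of the original essay; the `TRUSTED` allow-list, the function names and the sample email are constructed for illustration. It flags links where a known brand appears in the host name but the domain actually belongs to someone else, and links whose visible text shows a different domain than the real target.

```python
import re
from urllib.parse import urlsplit

# Assumption: constructed allow-list of brand name -> domains that brand really owns.
TRUSTED = {"ebay": {"ebay.com"}, "paypal": {"paypal.com"}}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_TEXT_RE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def host_of(value):
    """Hostname of a URL or bare domain, lower-cased; '' if none can be parsed."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # lets urlsplit treat a bare domain as a host
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""

def registrable_domain(host):
    """Simplification: last two labels. Production code needs the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def check_link(href, text=""):
    """Return the reasons (possibly none) why a link looks like a lookalike."""
    host = host_of(href)
    reg = registrable_domain(host)
    labels = set(re.split(r"[.-]", host))
    reasons = []
    for brand, owned in TRUSTED.items():
        # Brand used as a label, e.g. ebay.something.com, on a domain it does not own.
        if brand in labels and reg not in owned:
            reasons.append(f"'{brand}' appears in host but domain is {reg}")
    text = re.sub(r"<[^>]+>", "", text).strip()
    if DOMAIN_TEXT_RE.fullmatch(text):
        shown = registrable_domain(host_of(text))
        if shown != reg:              # visible text and real target disagree
            reasons.append(f"link text shows {shown} but target is {reg}")
    return reasons

def scan_email(html):
    """Return (href, reasons) for every suspicious link in an HTML email body."""
    found = [(href, check_link(href, text)) for href, text in LINK_RE.findall(html)]
    return [(href, reasons) for href, reasons in found if reasons]

# Constructed sample message body.
SAMPLE = ('<p>Please update your account:</p>'
          '<a href="http://ebay.something.com/login">www.ebay.com</a> '
          '<a href="https://www.ebay.com/help">Help</a>')

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE):
        print(href, reasons)
```

A mail gateway or reporting tool could run a check like this before a message reaches the user, although it does not replace typing the official address by hand.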