Spammers get personal with 'spear-phishing'

Phishers appear to be increasingly targeting specific individuals by spoofing a known or trusted contact with access to confidential data in an attack dubbed 'spear-phishing'.

Phishers appear to be increasingly targeting specific individuals by spoofing a known or trusted contact with access to confidential data in an attack dubbed 'spear-phishing'.

Alyn Hockey, technical director at Clearswift, said spammers, including phishers, were developing more sophisticated methods to target the unwary computer user. Spear-phishing was one method.

"Spear-phishing is more targeted to particular individuals, pretending to be another individual who might have approved access," he said.

Hockey said an example might be an employee getting an email, addressed directly to him or her, that appeared to be from the corporate accounts department and asked for confidential data such as banking details.

In spear-phishing, that email would be a spoof and the employee could be tricked into sending confidential data outside the company where it could be used to facilitate theft, fraud or other criminal acts, he said.

Australian service provider Citec said in a statement that data from its security partner MessageLabs suggested phishers and other spammers were now working "more strategically". One technique proving more popular with wannabe cybercriminals was spear-phishing, it said.

MessageLabs claimed to have stopped about half a million spear-phishing attempts in June, almost twice the amount the company said it had stopped in the previous month, according to Citec.

Clearswift's Hockey said spammers were continuing to change their style and methods to stay ahead of the authorities. Some 80 percent of spam today was sent by zombie networks, which made it difficult to trace its source.

"Almost all phishing is through zombies," he said.

Another security vendor, Clearswift partner Commtouch, had found that a typical large spam attack comprised upwards of 100 million messages sent through thousands of zombies in an average 7.5 hours, Hockey said.

About 170,000 new zombie IP addresses appeared every day. Some zombie networks had been known to have 350,000 infected machines being controlled by one person, he added.

Meanwhile, MXLogic figures had suggested 64.4 percent of all email traffic globally was now spam, Hockey said.

Spam could deliver spyware with trojans, keyloggers, porn diallers and adware. Some serious spyware attacks have occurred, such as when 13.9 million MasterCards were hit through a breach at US third-party payments processor CardSystems Solutions, Hockey said.

"The data security breach, possibly the largest to date, happened because intruders were able to exploit software security vulnerabilities to install a rogue program on the network," he said.

No estimates of the total amount of funds stolen via this breach were available, Hockey said.