SECURITY

Spear Phishing

 
 
 

Phishing is a game of numbers. Fraudsters pump out thousands of e-mails that persuade some recipients to click a link to, say, a phoney financial institution's Web site, where they divulge bank and credit-card details. Because Internet users are wising up, phishers have devised a new approach: "spear phishing," with barbs customized for each victim.

Spear phishers gather information, usually on the Internet, about an individual, and then craft a personalized e-mail more likely to dupe the mark. According to the FBI, the personalization method has proved so profitable that a significant number of spear phishers, principally located outside the United States, began applying it to death-threat extortion e-mails for the first time last December. FBI spokeswoman Cathy Milhoan says the problem is "huge."

Here's how it works: A spear phisher collects information on an (often wealthy) individual, then writes a chilling e-mail. The sender, posing as a hit man, offers to spare the recipient in exchange for a large sum of money. If the ploy doesn't work, the target receives a second e-mail, purportedly from the police, explaining that his or her name and address were found on a recently arrested murder suspect. "The victim gets scared, gets paranoid, he gets a lot of things," says Alan Paller, a cybercrime expert with the Bethesda, Maryland, SANS Institute who has testified before the U.S. Congress on the matter. The target provides personal details--including financial data--to aid the investigation.

Traditional extortion often involves tailing targets and staking out their homes to obtain the particulars--such as the appearance of a victim's daughter--that render threats credible. Today much of that information is easily gleaned from the 'Net. Dan Vogel, an Edmond, Oklahoma, former FBI profiler, says social-networking Web sites such as MySpace are "fueling" the trend.

Nobody knows how many threats reap payoffs. But the number of victims will likely increase, says Bill Westhead, director of Crime Scene House, a Lancashire, England, consultancy that advises law-enforcement agencies. Online extortion is popular because criminals' chances of getting caught are "vastly reduced," he says.

Although most death threats are bogus, law-enforcement agencies still have to sort through them all. The result: more bona fide threats, buried in the surge of shams, may escape police scrutiny.

© 2007
