SPONSORED BY:
SECURITY

Spear Phishing

NEWSWEEK
From the magazine issue dated Feb 19, 2007
 

Email To A Friend

Please fill in the following information and we'll email this link.

Separate multiple addresses with commas

SPONSORED BY
 

Phishing is a game of numbers. Fraudsters pump out thousands of e-mails that persuade some recipients to click a link to, say, a phoney financial institution's Web site, where they divulge bank and credit-card details. Because Internet users are wising up, phishers have devised a new approach: "spear phishing," with barbs customized for each victim.

Spear phishers gather information, usually on the Internet, about an individual, and then craft a personalized e-mail more likely to dupe the mark. According to the FBI, the personalization method has proved so profitable that a significant number of spear phishers, principally located outside the United States, began applying it to death-threat extortion e-mails for the first time last December. FBI spokeswoman Cathy Milhoan says the problem is "huge."

Here's how it works: A spear phisher collects information on an (often wealthy) individual, then writes a chilling e-mail. The sender, posing as a hit man, offers to spare the recipient in exchange for a large sum of money. If the ploy doesn't work, the target receives a second e-mail, purportedly from the police, explaining that his or her name and address were found on a recently arrested murder suspect. "The victim gets scared, gets paranoid, he gets a lot of things," says Alan Paller, a cybercrime expert with the Bethesda, Maryland, SANS Institute who has testified before the U.S. Congress on the matter. The target provides personal details--including financial data--to aid theinvestigation.

Traditional extortion often involves tailing targets and staking out their homes to obtain the particulars--such as the appearance of a victim's daughter--that render threats credible. Today much of that information is easily gleaned from the 'Net. Dan Vogel, an Edmond, Oklahoma, former FBI profiler, says social-networking Web sites such as MySpace are "fueling" the trend.

Nobody knows how many threats reap payoffs. But the number of victims will likely increase, says Bill Westhead, director of Crime Scene House, a Lancashire, England, consultancy that advises law-enforcement agencies. Online extortion is popular because criminals' chances of getting caught are "vastly reduced," he says.

Although most death threats are bogus, law-enforcement agencies still have to sort through them all. The result: more bona fide threats, buried in the surge of shams, may escape police scrutiny.

© 2007

Label

Newsweek Top Stories
Visions of a Decade
Visions of a Decade

From 2000-2009, one photo per month.

The Failure of Copenhagen
The Failure of Copenhagen

Why there could be a silver lining in a failed climate treaty.

Sex Scandals of the 2000s
Sex Scandals of the 2000s

From John Edwards to Mark Sanford, the decade's memorable affairs.

118 Days in Hell
118 Days in Hell

A NEWSWEEK journalist recounts his captivity in Iran.

Discuss

Sponsored by

My Take

Customize the NEWSWEEK homepage
to feature your favorite columnists.

Customize Now
 
The Greediest People of All Time
From Bernard Madoff to AIG, Wall Street has reinvented excess. But the Masters of the Universe didn't invent greed. A look at the despots, robber barons and others who made our shortlist.
Are We All Socialists Now?
Photos: What About Us?
What CEOs Got Away With
The Rich Behaving Badly
The Biggest Economic Blunders
Blog: The Wealth of Nations
 
 
PHOTOS
Wall Street's problems have captured the attention of Congress, the White House and the media. But on the country's Main Streets ordinary folks are wondering if anyone is paying attention to them. A look at how Americans are coping with the economic crisis.
Photos: Kicked Out, America's Housing Crisis
Photos: What CEOs Got Away With
Photos: Recession-Proof Jobs
The Economy: How Worried Should You Be?
For the latest coverage, click here.