Legal Technology News - E-Discovery and Compliance Blog

« Picture This – No Text, No Retrieval | Main | Google Doesn’t Want To Be Googled »

September 28, 2011

Social Media Makes Good Spear Phishing Bait

Interesting article in the Wall Street Journal about criminals hacking corporate employees. Because companies are getting better at hardening the perimeters of their networks, the biggest security gap is now the end user.  

Hackers are aggressively exploiting well intentioned employees through so called spear phishing tactics. We have all experienced general phishing attacks in the form of the infamous Nigerian e-mail scams.

Spear phishing is a targeted and sophisticated form of phishing because the bad guy uses social Fish engineering via social media information to manipulate specific corporate employees into divulging confidential information or gaining access to corporate networks.

LinkedIn, Facebook, and Tweeter are used by criminals every day to harvest personal and corporate information that is then used to design and initiate a spear phishing attack against corporate employees. 

Additionally, employees often forward business e-mail to their persoal e-mail account for convenience or other reasons. Hackers looking for valuable corporate IP or information to use for a spear phishing attack, target personal e-mail accounts that don't provide the same level of protection as corporate accounts do.

For gmail users, here is how you can prevent your personal e-mail account from being easily hacked and exploited.

There is no easy prevention except vigilance and training. Some companies run regular spear phishing attacks against their own employees to find the easy prey that need more awareness training. Unfortunately, the security risks from social engineering does not have a technical answer.

Image: Clipart.com

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8345280a669e2014e8be2ba9e970d

Listed below are links to weblogs that reference Social Media Makes Good Spear Phishing Bait:

Comments

The comments to this entry are closed.

Sign Up for the E-Discovery and Compliance Newsletter

An Affiliate of the Law.com Network

From the Law.com Newswire

Sign up to receive Legal Blog Watch by email
View a Sample



Contact EDD Update


Subscribe to this blog's feed



RSS Feed: LTN Podcast

Monica Bay's Law Technology Now Podcasts are also available as an RSS feed.

Go to RSS Subscribe page




March 2013

Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            

Blog Directory - Blogged