Interesting article in the Wall Street Journal about criminals hacking corporate employees. Because companies are getting better at hardening the perimeters of their networks, the biggest security gap is now the end user.
Hackers are aggressively exploiting well intentioned employees through so called spear phishing tactics. We have all experienced general phishing attacks in the form of the infamous Nigerian e-mail scams.
Spear phishing is a targeted and sophisticated form of phishing because the bad guy uses social engineering via social media information to manipulate specific corporate employees into divulging confidential information or gaining access to corporate networks.
LinkedIn, Facebook, and Tweeter are used by criminals every day to harvest personal and corporate information that is then used to design and initiate a spear phishing attack against corporate employees.