Analysis of a Spear Phishing Campaign

posted Jun 27, 2014, 6:56 AM by Craig Cox   [ updated Jun 27, 2014, 6:57 AM ]
Do you really know who your Facebook friends are?  Have you met each one face to face?

The FBI is warning federal agencies about a spear phishing scam.  The gist is that malicious actors posing as acquaintances get "friended" by their targets.  The bad guys then mine the Facebook account for personal details that they can use to build a more convincing scam email.  Once the victim clicks the link in the scam email, the usual nonsense starts:  compromise of the work computer account, access to work funds or trade secrets, control of organization computers, and so on.

The warning in the link mostly applies to military and cleared contractors; the bad guys seemed to be looking for strategic information.  But the same tactics could be used by any malicious actor:  crime syndicates that want corporate or municipal (or college) bank account credentials, or identity thieves looking for lists of Social Security numbers.

So when your high school buddy from 30 years ago pops up a friend request, chat with them for a bit.  Make a phone call.  Make sure it really is the person you remember.  Catch up on old times and shared memories.  And if they don't remember watershed moments* or suddenly have a foreign accent, be watching for a very convincing scam email.

*Don't be too hard on memory loss, though.  Your humble author might not pass the memory test.