Social Engineering – Don’t fall for these email phishing attacks

Spear phishing is the term given to fraudulent, malicious emails that attempt to infect your computing device and gain unauthorized access. The messages appear to come from a trusted source such as a well-known company, often in the financial services or payment processing industries. In targeted attacks it is also common for the email to appear to originate from the recipient’s own company. Scammers who have done their research will know the names of high-level directors, which are commonly available online in annual reports. Their goal is to defraud you of your money or of the intellectual property that keeps your business ahead of the competition.

Here are two timely examples that I happened to see in my spam inbox today:

Spear Phishing Example 1: Fake email posing as HSBC Bank

HSBC Account Holder,

HSBC is constantly working to increase security for all Online Banking users.
To ensure the integrity of our online payment system, we periodically review accounts. Your
account might be restricted due to numerous login attempts into your online account.
Restricted accounts continue to receive payments, but they are limited in their ability
to send or withdraw funds. To lift up this restriction, you need to confirm your online
banking details.

Notice that the scam is appealing to the need to stay secure and keep an account open. This was a broad attempt because I am not even an HSBC account holder, but people fall for these types of scams every day, and it only takes one lapse in judgement to have your device infected.

Spear Phishing Example 2: Fake email posing as United Parcel Service Notifications

Dear customer.

The parcel was sent your home address.
And it will arrive within 3 business day.

More information and the tracking number are attached in document below.

Thank you.
© 1994-2011 United Parcel Service of America, Inc.

I received about 6 copies with different tracking #s for this example, so it is one of the more prevalent attacks circulating right now. There was a .pdf document attached that likely would have infected my machine if I had let my guard down and opened this attachment.

Avoiding spear phishing scams takes cyber street smarts, and email users need to constantly question whether a document is legitimate and expected. Those with a trusting nature are at a disadvantage and at an increased risk of becoming a spear phishing victim. Now that you have some information on two current spear phishing threats, you should learn more about social engineering and how you can protect your personal and business interests from this serious information security threat.
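A small triage sketch for the warning signs in the two samples above: a generic greeting, a request to confirm banking details, an attachment nobody asked for, and many copies that differ only in a number. This is an added example, not code from the original post; the regex patterns, function names and sample messages are constructed assumptions.

```python
import hashlib
import re
from collections import Counter
from email.message import EmailMessage

# Patterns modelled on the two sample messages; illustrative assumptions only.
GENERIC_GREETING = re.compile(r"^\s*(dear customer|[\w ]*account holder)\b", re.I | re.M)
CREDENTIAL_ASK = re.compile(r"confirm your .{0,40}?(details|password)", re.I | re.S)

def split_message(msg):
    """Return (plain-text body, attachment filenames) for a parsed message."""
    body, names = [], []
    for part in msg.walk():
        if part.get_filename():
            names.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body.append(part.get_content())
    return "\n".join(body), names

def indicators(msg):
    """List which of the warning signs discussed in the post this message shows."""
    body, names = split_message(msg)
    found = []
    if GENERIC_GREETING.search(body):
        found.append("generic-greeting")
    if CREDENTIAL_ASK.search(body):
        found.append("asks-to-confirm-credentials")
    if names:
        found.append("unsolicited-attachment")
    return found

def fingerprint(msg):
    """Hash the body with digit runs masked so copies differing only in a number match."""
    body, _ = split_message(msg)
    masked = re.sub(r"\d+", "#", " ".join(body.lower().split()))
    return hashlib.sha256(masked.encode()).hexdigest()[:12]

def build(text, attachment=None):
    """Build a constructed sample message (test data, not real mail)."""
    msg = EmailMessage()
    msg.set_content(text)
    if attachment:
        msg.add_attachment(b"%PDF-", maintype="application", subtype="pdf", filename=attachment)
    return msg

BANK = build("HSBC Account Holder,\n\nYou need to confirm your online\nbanking details.\n")
PARCELS = [build(f"Dear customer.\n\nTracking number {n} is attached in document "
                 "below.\n", f"track_{n}.pdf") for n in (48213, 77190, 10562)]
CAMPAIGNS = Counter(fingerprint(m) for m in [BANK, *PARCELS])
```

A fingerprint that recurs several times in one mailbox indicates a bulk campaign, which is a reason to distrust every copy rather than evidence that the notice is genuine.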
