
Spearphishing in the treacherous waters of the Internet
A Mr. Drew Biondi recently had an unfortunate problem with his Yahoo email account. Someone broke into the account and sent a mass email to all 600 of his contacts. The email was a variation of the infamous "Nigerian" spam scam, in which some quasi-officious Nigerian (usually a government minister) hits people up for money, sometimes as a prelude to collecting a large fortune. The latter is a variant of the 150-year-old "Spanish Prisoner" scam.
Spearphishing is a personalized variant of phishing, in which an email appears to come from someone known to the recipient.
I expect to see the next big wave of phishing based on this technique. Enough personal information on all of us has been accumulated by now and correlated to email addresses to generate this kind of wave of personal attacks. I suspect that many people are going to be taken in when companies like Plaxo and Myspace get hacked or turn rogue and social networking info is all turned against us.
Posted on November 11, 2007





