Corporate executives should think twice about the information they disclose on social networking sites such as Facebook, a Hong Kong-based security company warned Friday after duping gullible CEOs and finance directors into revealing personal details that could be used for so-called spear-phishing attacks.
Network Box, which makes and sells threat prevention appliances, recently conducted an experiment to see how difficult it is to glean important information from business executives.
"We were asked to see if we could gain information about individuals without having a real-life link to them," said Simon Heron, Network Box's managing director, in an e-mail. "We used a fake Web mail account to create a fake Facebook account. With this, we approached individuals who we knew to be in quite senior positions and simply asked to be their friends, explaining that we knew them while at school."
The results would make an identity thief proud. Several of the targets, explained Heron, gladly accepted the request from the bogus "friend," giving Network Box access to their profiles, which in turn could be mined for the kind of personal information necessary to make very targeted phishing e-mails convincing.
"We found personal details, including dates of birth, mobile phone numbers, home addresses, company name and job titles, and even [a] mother's date of birth," said Heron. "If [you] wanted to go spear phishing, knowing your prey has money is key, as well as how to target them. If you know they are a CEO or [finance director], then you know they will be vulnerable about getting complaints about the company. We can then target them to download documents with malicious code embedded or get them to visit an infected site."
Criminals will go to great lengths to obtain the information they need to craft a spear-phishing attack, if only because the targets -- high-profile company executives who have access to a firm's most important secrets or data -- are so lucrative. One of the most egregious examples of spear phishing in the last year was the follow-on spam campaign that cybercrooks launched after looting Monster.com's database, making off with information on 1.3 million people who had posted resumes on the popular job search Web site.
Heron recommended that executives steer clear of all social networking sites, and that companies remind all employees to refrain from posting company information on such places.
"Any con can be a lot more successful if the con artist has personal information about the target," Heron concluded.
- +
How to Get Real About Strategic Planning 04/02/2008 12:50:59
Everyone agrees that having a strategic plan for IT is a good thing but most CIOs approach the process with fear and loathing. In fact, the majority of CIOs (and the enterprises they work for) are faking it when it comes to strategic planning. Isn't it time we all got real?Oh, it must be nice to be the CIO of a FedEx or a GE or a Credit Suisse. Places where IT and the business are so tightly aligned you can barely tell the two apart. Where corporate leaders understand that IT is a strategic asset and support it as such - +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Toxic Mix or Bit of a Mixed Blessing? 31/12/2007 10:36:30
“Eye of newt, and toe of frog, Wool of bat, and tongue of dog . . . ” The inter-generational office brew of Boomer, Gen X and Gen Y may not be quite as odious as that of the three witches in Shakespeare’s Macbeth, but even so it makes “for a charm of powerful trouble”"Eye of newt, and toe of frog, Wool of bat, and tongue of dog . . . " The inter-generational office brew of Boomer, Gen X and Gen Y may not be quite as odious as that of the three witches in Shakespeare's Macbeth, but even so it makes "for a charm of powerful trouble"
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Solve Exchange Mailbox Storage Issues Once and for All
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Discover the advantages of an open architecture multi-vendor network solution
Security Inside Out
Email Archiving 101—Customer Case Study
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Cutting printer costs
Strategies for Eliminating .PST Files
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Delivering the Power of Choice with Microsoft Dynamics CRM
Join Ed Thompson, Research VP, featured analyst firm, Gartner, Inc., and Brad Wilson, General Manager CRM Microsoft Dynamics, for a new webcast, Delivering the Power of Choice with Microsoft Dynamics CRM, available now. Our panel will break down the best practices for getting the most out of CRM and you'll learn key recommendations you can implement in your organization. Additionally, you'll also hear Microsoft's vision for CRM.
Buying Guides
Latest Products
Buying Guides
