Phishing as an attack vector is nearly old as the Internet, spearphishing (targeting individuals via individually crafted emails meant to fool them into revealing information or downloading spyware) has been a favored attack technique for a good decade, and targeting senior executives (who have the most valuable information and access, after all) in what is called whaling has been an established technique for years.
Despite the long history of phishing attacks, employees — even top executives — keep getting fooled. There’s no real technology solution to this issue — maybe you’ll catch a spyware attachment, but it’s nearly impossible to detect from an email link sites that inject spyware. Once a person has been fooled, the criminal is in. In the case of whaling, the attacks are few and targeted, so they typically don’t get flagged by tools like OpenDNS and filtering that rely on seeing a swarm of suspect emails or entry attempts to identify a possible phishing attack.
To read this article in full or to leave a comment, please click here