I think by now everyone has heard of the term phishing as the gathering of information online about an individual or group of people. But today I read about a new type of phishing: spear phishing. Spear phishing is the use of such information for pinpoint attacks.
It is apparently pretty successful, because recent spear phishing attacks have “ensnared” several top U.S. government officials, RSA (you know, the company that makes those SecurID tokens), and defense contractor Lockheed Martin (using information hacked from RSA). According to a CNNMoney article, the attackers were able to trick people into opening email attachments that appeared to come from trusted sources or colleagues.
While we don’t know exactly how hackers were able to hack the government officials and RSA, we do know that many believe social media sites, especially LinkedIn, serve as a hacker’s gold mine. According to the article, at a DefCon security conference where they staged a hacker game, Google and LinkedIn were the most widely used resources.
All it takes is the name of one of your coworkers and a well-crafted email to get you to click on a link.
Everything is on the Internet. While I don’t want to discourage people from connecting with family, friends, colleagues and coworkers, you may want to use some discretion when connecting. Obviously, on Facebook you want to lock down your site. On LinkedIn, you might not want to put down everything about your current job.