IBM Reports On Spear Phishers

FrenchyinOntario writes "IBM reports that while "regular" phishing is declining the black hats are now engaging in targeted spear phishing to glean as much information about a specific identity as they can for all the usual cybercrime reasons. It concerns authorities because the usual suspects - criminal and terrorist organizations - will want to take advantage of this, but the chilling part is how your identity will now be dependent on multiple institutions protecting your personal information, as opposed to eBay, PayPal, your bank, etc."

Slashdotted, mirror here

[winkydink]

click me, click me!

Re:Slashdotted, mirror here

[winkydink]

Karma has nothing to do with it. I do it for the sheer pleasure of annoying the heck out of people like you.

So the phishers have refined their tactics

[Trigun]

Didn't see that coming. Maybe their old tactics weren't working so well, so they had to adapt?
Naw, it's an intelligent design!

A way around this...

[ajiva]

There is one way around this, that's to go to the 3 large credit companies and tell them to "Freeze" your credit (I think it costs $5-$10). Anyway nobody can open an account in your name, and as long as you remember to "thaw" your account before getting a loan, you'll be ok. It's no perfect, and I'd argue that all credit information should be purged from people who don't need it (this includes SSN numbers). Heck none of this should even be on file...

aw, crud..

[werelord]

And this is probably the easiest fishing they'll be able to do.. Until companies are made liable for any damages that occurr when they "lose" their information, this will probably be an extremely easy method of fishing..

Social Engineering, anyone??

Another stupid cutesy technical term?

[Heffenfeffer]

'Spear phishing'? Oh great, what's next? Bass phishing - searching for orders made at koss.com Phly phishing - searching for info in TRL posts Net phishing - Oh, wait...

Multiple institutions *are* responsible

[MirrororriM]

but the chilling part is how your identity will now be dependent on multiple institutions protecting your personal information

The way I see it, all personal information I send to a particular company should be confidential and protected. Some if it they simply don't need. For instance, why the hell did the clerk at Hollywood Video ask for my SSN to open a damn account to rent movies?! They did not need my SSN and I sure as hell didn't give it to him either, but it makes me wonder how many people actually *have* given out their SSN just for a Hollywood Video account. Not good.

If a company does not protect my personal information and it gets stolen and/or misused, you bet your ass they'd see some backlash from me. The only bad thing is, it's hard to figure out exactly *which* company that held your personal information was compromised. It's certainly not like they're going to volunteer the fact that they were comprimised, otherwise you might take your business elsewhere (to a more responsible company). Just look at the millions of people who had their information on backup tapes "misplaced" by a UPS driver (posted on slashdot a while back) after the company was stupid enough to send that info via UPS to begin with.

Companies that have our personal information need to be held accountable on how they handle it and should be prosecuted to the fullest when they mishandle it.