Phishers Using Holidays and Social Media to Target

Recent reports of “The Oak Ridge National Laboratory, home to one of the world’s most powerful supercomputers, has been forced to shut down its email systems and all Internet access for employees since late last Friday, following a sophisticated cyberattack.”

The sophisticated cyber attack was reported to be the lowly unsophisticated phishing email.

Phishing is emerging as sophisticated due to ways in which the phish emails are disguised to look like legitimate communications often from other trusted employees on the inside.

The criminals behind these emails are doing their research on company websites finding key individuals to model and following up their research on Facebook and LinkedIn to make their phish emails more personal.

And while criminals are still targeting “whales” or CEOs of major corporations and their officers, they are using similar attacks on consumers, as well.

McAfee Labs discovered an attack this week with the subject line “Easter Greeting” that was spammed broadly and is currently hitting inboxes around the globe.  The e-mail that depicts a colorful picture of a bunny, chicks, and eggs has the subject line, “Easter Greeting From Alex.”  The clickable text at the bottom of the message reads “Download Animated Greeting Here” which is a booby trapped message that leads directly to malware and puts an infected PC under the control of the attacker who attempts to steal passwords and other personal information.

Since the threat has already been identified by McAfee Labs, McAfee software will protect customers against it.

This event is a good reminder for consumers to keep these basic computer safety rules in mind:

Don’t click on links in e-mail messages and be extra suspicious of messages like this Easter Greeting.  If you think it is legitimate, ask the supposed sender by sending a separate e-mail if they sent you a greeting.

Run a full, up-to-date suite of security software.

Ensure your operating system and other applications have the latest patches.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)