DHS warns of spear-phishing campaign against energy companies

[InfoSec News <alerts () infosecnews org>]

https://www.computerworld.com/s/article/9238190/DHS_warns_of_spear_phishing_campaign_against_energy_companies

By Jaikumar Vijayan
Computerworld
April 5, 2013

The Department of Homeland Security (DHS) has a warning for organizations that 
post a lot of business and personal information on public web pages and social 
media sites: Don't do it.

Phishers, the agency said in an alert this week, look for such information and 
use it to craft authentic looking emails aimed at fooling people in large 
organizations into opening and downloading things they shouldn't.

The alert was prompted by an incident last October in which 11 companies in the 
energy sector were targeted in a sophisticated spear-phishing campaign 
apparently aimed at breaching their network security.

The phishing campaign was made possible to a large extent by information posted 
publicly by an energy company listing attendees at a recent conference. The 
employee names, email addresses, organizational affiliations and work titles so 
helpfully posted by the company was used by spear-phishers to launch customized 
attacks against energy sector companies.

[...]


______________________________________________
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org