Interesting spear fishing type attack

[cmerkel at gmail.com (Chris Merkel)]

I've seen this before - it's generally not spear phishing though. What I've
seen happen is that a person's webmail account gets owned, and the attacker
uses the account to send that story to everyone in their address book.

They're really good, in some cases - I had an acquaintance who did business
in Laos and Malaysia, and when I got that same email, I really had to think
it through before I trashed it - the email claimed they had been traveling
in that area and gotten mugged.

- Chris

On Tue, Mar 9, 2010 at 9:39 AM, PJ Velasco <pjvela at gmail.com> wrote:

> One of the guys I work with got an email from a person he used to know
> real well years ago.  The email claimed that the person was stuck in
> the UK and needed money to come back home to the states.  I thought
> this was an interesting angle.  Identify and research your target (as
> usual), but instead of looking for current group memberships or
> vendors you search classmates.com or other reunion type social
> networking sites and craft an email using someone they used to go to
> school with.  Obviously this did not work on my coworker, but I
> thought the list would find it interesting.
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
- Chris Merkel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100309/ad36e961/attachment.htm