Information Security News
mailing list archives
DHS warns of spear-phishing campaign against energy companies
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 8 Apr 2013 01:27:39 -0500 (CDT)
By Jaikumar Vijayan
April 5, 2013
The Department of Homeland Security (DHS) has a warning for organizations that
post a lot of business and personal information on public web pages and social
media sites: Don't do it.
Phishers, the agency said in an alert this week, look for such information and
use it to craft authentic looking emails aimed at fooling people in large
organizations into opening and downloading things they shouldn't.
The alert was prompted by an incident last October in which 11 companies in the
energy sector were targeted in a sophisticated spear-phishing campaign
apparently aimed at breaching their network security.
The phishing campaign was made possible to a large extent by information posted
publicly by an energy company listing attendees at a recent conference. The
employee names, email addresses, organizational affiliations and work titles so
helpfully posted by the company was used by spear-phishers to launch customized
attacks against energy sector companies.
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org
- DHS warns of spear-phishing campaign against energy companies InfoSec News (Apr 08)