Many industries are now being targeted by well-tailored spear-phishing scams, the FBI has warned, with emails containing accurate information about victims, harvested from social networks or from previous intrusions into the same network.
In a blog post on its “New E-scams and warnings” page, the FBI’s Internet Crime Complaint Center warns that “The FBI has seen an increase in criminals who use spear-phishing attacks to target multiple industry sectors. Cyber criminals target victims because of their involvement in an industry or organization they wish to compromise.”
“Recent attacks have convinced victims that software or credentials they use to access specific websites needs to be updated. The e-mail contains a link for completing the update. If victims click the link, they are taken to a fraudulent website through which malicious software (malware) harvests details such as the victim’s usernames and passwords,” the FBI warns.
The scams are used to harvest data such as passwords, usernames and bank details, but cybercriminals also use them to “cause disruptions or steal intellectual property and trade secrets,” the FBI says.
The information comes from complaints to the FBI as well as information gathered during cybercrime investigations, according to spokeswoman Jenny Shearer, speaking to Bank Info Security. “The FBI has become aware of new variations of spear-phishing attacks and has seen a slight increase in these particular schemes in the past 12 months,” Shearer said.
The FBI advises users not to hand out information such as usernames and passwords in response to emails, and warns that telephone numbers contained in phishing emails are “likely to be fraudulent as well.”