Cybercrime that starts with a phone call
(MoneyWatch) So-called phishing attacks are getting more sophisticated. And the latest trend in cybercrime appears to include a preparatory phone call.
Security software company Symantec is reporting a variation on such schemes that it calls "spear phishing." The targeted company still gets a malware-packed email disguised as a legitimate business message, but the twist is that the criminal calls ahead to let you know it's coming.
- Is anti-virus software a waste of money?
- Simple ways to protect yourself from botnets
- Is malware lurking in your search results?
As the security company explains on its blog this week, criminals find the name and phone number of marks within a targeted company -- this information is quite easy to uncover, and might even be supplied right on the corporate website. Since the fraudsters look for people whose job includes processing invoices or other financial documents, this would not be suspicious, and in fact the call helps to defuse any concerns about the email and malware-infected payload.
So far, these attacks have been limited to French-speaking companies in France, Romania and Luxembourg. But if they're successful, expect such attacks to spread to the U.S. as other cybercriminals leverage a new technique.
Symantec advises that companies be on guard in dealing with cold calls regarding processing emails. Since the caller is likely to have limited information and is simply hoping the call itself will help deflect scrutiny from the email, asking additional questions can help verify the legitimacy of the request and ferret out possible fraud.
Dave Johnson
View all articles by Dave Johnson on CBS MoneyWatch »
Dave Johnson is editor of eHow Tech and author of three dozen books, including the best-selling How to Do Everything with Your Digital Camera. Dave has previously worked at Microsoft and has written about technology for a long list of magazines that include PC World and Wired.
Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.
