“Phishing” refers to the fraudulent process of attempting to acquire sensitive information such as usernames and credit card details by masquerading as a trustworthy entity by way of e-mail, instant messaging or some other electronic communication. The communication will often direct users to enter details at a fake website that is almost identical to the legitimate one.
To illustrate, in a recent example of spear-phishing launched from a web server in China, CEOs received an email message purporting to be from a federal court stating that a subpoena was being directed to the CEO with a link to a web address ending in “uscourts.com”. More than 1,800 CEOs clicked on the link. Once the victims arrived at the bogus site, they were asked to view court documents by downloading a browser plug-in, which was actually malware used to gain access to the victim’s computer.
On November 17, 2009, the FBI issued a cyber advisory warning that hackers appear to be targeting law firms and public relations firms. Here’s a not-so-clever example:
Subject: Attn: Pamela Pengelley
Alexander JLO – Solicitors
11 Lanark Square
London E14 9RE
TEL:+44 794 4145 981
Fax:+44 794 4416 262
Good day: Pamela,
This is a personal E-mail directed to you and I request that
it be treated as such.
I am Barrister Wilson Baker, a solicitor at law. I am the personal attorney/sole executor to the late Engr Gerald Pengelley herein after referred to as’my client’ who worked as an independent oil magnate in my country and who died in a plane crash with his immediate family in December 2003.
Since the death of my client, I have written several letters to the embassy with an intent to locate any of his extended relatives whom shall be claimants/beneficiaries of his abandoned personal estate and all such efforts have been to no avail.
More-so, I have received official letters in the last few weeks suggesting a likely proceeding for confiscation of his abandoned personal assets in line with existing laws by the bank in which my client deposited a notably high amount of money.
On this note i decided to search for a credible person and finding that you bear a similar last name, I was urged to contact you, that I may with your consent, present you to the “trustee” bank as my late client’s surviving family member so as to enable you put up a claim to the bank in that capacity as a next of kin of my client.
I find this possible for the fuller reasons that you bear a similar last name with my client making it a lot easier for you to put up a claim in that capacity.
I propose that 35% of the net sum will accrue to you at the conclusion of this deal in so far as I do not incure further expenses.
Therefore, to facilitate the immediate transfer of this funds, you need, first to contact me via my private email:(email@example.com) for better confidentiality, signifying your interest and as soon as I obtain your confidence I will immediately appraise you with the complete details as well as fax you the documents, with which you are to proceed and i shall direct you on how to put up an application to the bank.
However, you will have to accent to an express agreement which I will forward to you in order to bind us in this transaction.
Upon the receipt of your reply,I will send you by fax or E-mail the next step to take.I will not fail to bring to your notice that this proposal is hitch-free and that you should not entertain any fears as the required arrangements have been made for the completion of this transfer.
Like I said, I require only a solemn confidentiality on this.
Wilson Baker Esq
A word to the wise – proceed with caution before clicking on a link in an e-mail, even if the message appears to be from a reliable source. Better to seek confirmation from your information systems resources than fall victim to a spear-phishing scam. For more information, check out Microsoft’s webpage, “How to Recognize Phishing Emails and Links”.