‘Spear Phishing’ Surged After Targeted Attacks on Gmail Users, Symantec Says

Jay Decenella, IT audit expert
June 06, 2011

Last week, Google detected a campaign to collect user passwords through a phishing scheme that appears to originate from Jinan, China, affecting hundreds of personal Gmail accounts.

The “targeted” accounts belonged to specific individuals, including senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel, and journalists.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings,” Google said, adding that it had disrupted this campaign.

Francis deSouza, Group President, Enterprise Products and Services of Symantec, described the “targeted attacks” as “spear phishing”: an email that appears to come from an individual or business the user knows, but does not.

These hackers want the users’ credit card and bank account numbers, passwords, and the financial information on users’ PCs.

Symantec said it has noted a continuous increase in targeted attacks, including spear phishing.

Its April 2011 MessageLabs Intelligence Report, for example, showed that the number of targeted attacks it intercepted each day rose to 85, the highest since March 2009, when the figure was 107 in the run-up to the G20 Summit held in London that year.

DeSouza said many of these targeted attacks simply preyed on individuals for their personal information, while some high-profile targeted attacks in 2010, like Stuxnet and Hydraq, attempted to steal intellectual property or cause physical damage.

DeSouza added: “The spear phisher thrives on familiarity. They know their target’s name, email address, and at least a little about them personally. The salutation on the email message is likely to be personalized: ‘Hi Bob’ instead of ‘Dear Sir.’”

Because the email seems to come from someone the targets know, they may be less vigilant and give away their personal information, or they may act before thinking when the spear phishing email appears to come from a company they trust.

People can become targets of spear phishing through the information they put on the Internet from their computers and smartphones, deSouza said.

“For example, they might scan social networking sites, find a user’s page, their email address, their friend list, a recent post by them telling friends about the cool new camera they just picked up from an online store, or a page about someone giving a presentation on a new groundbreaking technology.”

These pieces of information enable spear phishers to pose as a friend, send the target an email, and ask for the password to the target’s photo page.

Phishers will then try variations of any password that a victim willingly hands over to access the victim’s account on the online shopping site where the camera was bought.

The spear phisher might also use the same information to pose as the online shopping site and ask users to reset their password or re-verify their credit card number, which can harm them financially.

In the case of the recent Gmail attacks, the phishing scheme contained a link that would point to a Web page hosted somewhere on Google.com.

Graham Cluley, senior technology consultant at Sophos, claimed that the form computer users are being directed to, which points to a spreadsheet on Google Docs, is not genuine.

“And, in this case, a ‘Google account verification form’ is attempting to trick you into handing over personal information – such as your name, full date of birth and password,” Cluley said.

Following the phishing attacks, Google advised users to enable 2-step verification, which uses a phone and a second password on sign-in, to protect accounts from this attack.

The search giant added that checking Gmail settings for suspicious forwarding addresses could improve a user’s security.
