Thursday, November 8, 2007

Targeted Phishing, You Don't Say?

I hate to say it... Oh, who am I kidding? I LOVE to say, "I told you so!" This is actually pretty neat, so long as you're not

(Via Schneier) admitted today that one of their employees was the victim of targeted phishing. And that once his account was compromised, it was used to get lists of e-mail addresses for... wait for it... more targeted phishing attacks!

So as targeted phishing attacks pass from the realm of pen-testers-who-can't-use-debuggers to actual criminals, the anti-spam/phishing segment is going to have to catch up. And it's not going to be easy, because traditionally collecting spam and phishing e-mails has been remarkably easy. But once the attacks become targeted, it's exponentially harder to get samples before the damage is done.

Enter the custom-tailored anti-phishing service. Gonna call those VC folks back.

1 comment: said...

I think you missed the mark here. Sure people recognize that targeted phishing is occurring, but what SANS and Schneier, (and the DOD and many defense contractors) is pointing out that targeted phishing is on the rise as a means to compromise employees of an organization.