spear phishing attack - only works when you use an email tool that does NOT display underlying URLs and header info... Youd think folks working in such jobs would be more aware... viewing headers can be setup in most email tools... but the default in Microsoft Outlook does NOT provide the visibility needed to protect against this kind of attack... Thunderbird does, but its unlikely they were using it... The defacto standard is Outlook... which by default will mask many important details about URLs, attachment names and header information... ANOTHER MICROSOFT RELATED SECURITY ISSUE... Outlook didnt immediately cause the problem, as it did years ago, but Microsoft outlook provided the vehicle for the SOCIAL ENGINEERING ATTACK that will work on any platform... convenience... it hid all those nasty header lines and that ugly http address for these folks... wham... fooled ya! DETAILS are important... Hide them at your own peril... Icann, the Internet Corporation for Assigned Names and Numbers, was set up to oversee the underlying addressing system that keeps the net running and ensures data gets where it is supposed to go. In a blogpost, Icann said some of its staff were tricked into opening booby-trapped email messages sent by attackers that were crafted to look like they came from other employees.
Posted on: Thu, 18 Dec 2014 16:57:46 +0000