Spear Fishing (Phishing) in the Information Age

Gads – it’s just totally scary what’s happening out there! Too many folks fell victim to this latest scheme and revealed their account information. The “Attack” apparently came from China and targeted high-level officials in S. Korea and folks from the U.S. who are supporting them I guess. I have fallen victim to these same types of attacks; at least once I blew it when I saw an email supposedly from Craigslist and clicked the link in the email, only to go to a page that “looked” like a Craigslist login page. I was duped into revealing my login and password for Craigslist, and I was FUMING mad at myself for doing that! I had to change my password in a hurry!

That one was relatively innocent; this latest round of attacks is horrendous in its consequences. CNN wrote it up and at the end states something like “Consumers are under attack and are losing!” Heck NO! The targets of this attack were clearly military either in fact or in the type of business they are in (Defense)! That’s just shocking and what should be considered an act of war! People just don’t get it, the computer and security is BIG business, hacking is easy, and hackers are making a MINT off of us. That information they gleaned from this attack could be worth millions or possibly even billions!

So, what are we gonna do about these things? We all must be more security conscious. I would advocate NEVER clicking a link in an email personally; rather, the publisher should be forced to reveal the URL of the link – directly so that it can be cut-n-pasted, but never clicked on directly. This would force people to look at the URL first to determine whether it’s actually taking them to where it says it’s taking them. Face it, most folks probably don’t even know what a URL is… The email readers at least should be forced to disallow clicking on the links, especially if they are to IP addresses rather than domains. If those links embedded in emails take folks to some other country than their original location, then they should be disallowed as well. There must be some sort of reasonable scheme that can be enacted to deal with this type of attack.

What are your thoughts on this?  Anybody?

It becomes even scarier in light of the fact that some fellow (who I believe works for a security firm) announced today that he had discovered a vulnerability in the “cookie” mechanism that all our browsers use to store information about US!  Gads, just going to some site could reveal all my personal information stored in all those cookies in my browser – YIKES!

