From: Craig Phillips [] on behalf of Craig Phillips []
Sent: Thursday, July 24, 2008 4:30 PM
Subject: Cocktail Talk
Cocktail Talk
Bits and bytes of computer chat-chat
to help you through those dreary Cocktail Parties.
February, 2008
Our Topic
Spear Phishing
Visit & email

Cocktail Talk
Dear Craig,
Cocktail Talk
Welcome to
CN Consulting's "Cocktail Talk".

Cocktail Talk is a casual monthly newsletter intended to arm you with amusing bits and bytes of information on whats happening in the computer world.  Topics sure to break the ice and capture an audience at many a social or business event.

There are buttons below to do things including unsubscribe. If you unsubscribe you will be immediately removed from our email list and may end up hanging around a soggy fruit tray sipping warm beer, alone, at your next Cocktail Party.
But that's your call, and that's Cocktail Talk.
Spear Phishing
CerryUsing trickery to get a specific someone to give up confidential information is called
Spear Phishing.

Case in point: A client is on vacation and visiting a friend. The friend is an ebay user, and while they're together he gets an email to his gmail about something on ebay. But its really Spear Phishing. He clicks the link, his gmail account becomes inactive, and while he's trying to figure that out someone uses his account to buy cheap cell phones for $1,000 each on ebay. ebay caught it so he's not liable, but now he's stuck with "lost my wallet" issues, and if you've ever been there you know what that's like.

Somebody had a plan to dupe an ebay user by sending them an innocent looking email pretending to be ebay. The attachment made it through AV screening and became the responsibility of the recipient. It seemed right, routine even, and he opened it.  Then the crook bought cell phones from his own crooked ebay listing hoping to cash in on thousands of dollars. Spear Phishing is used in lots of other ways too.

CitiBank will  not email you asking for you to confirm your account information because they had a computer problem. There's a long list of reasons why but this one should be enough.  CitiBank would never ever admit a mistake of any kind. Believe it or not, its probably just the Russians trying to steal from you. But how do they know you use CitiBank?

AirTran Airways got Spear Phished. Executives there received emails phishing for confidential information. The U.S. Department of Energy got Spear Phished. The criminals knew exactly who they were after and targeted their attack. The FBI and MI5 are onto Spear Phishing as espionage and have tracked attacks back to China.

Not too long ago a campaign headquarters in Colorado was targeted. One group didn't like the politics of the  other and cyber attacked them to cripple their network during elections. Not  phishing, but an excellent example of targeted attack.Causing the right damage at the right time. Just like the spit-ball pitcher in baseball who throws one junk pitch to change the outcome of a game.

So what about you? The Russians and Chinese couldn't fool you could they? . Facebook, LinkedIn, MySpace and Google give them more than enough dirt on you to act all buddy-buddy.. Go ahead and play spy on yourself. Google you, your company, organizations you belong to.

Cyber Espionage, by well-resourced organizations, particularly using Spear Phishing, is ranked the #3 Cyber Security Menace for 2008 by the SANS Institute.

Maybe you feel you're too small to be a target, but that's your call, and that's Cocktail Talk.

Thank you for reading,
Craig Phillips
CN Consulting, Inc.
CN Consulting, Inc -
Computer Consulting for Business!
Serving the Chicagoland and Greater Milwaukee areas since 1990
CN Consulting is a female owned and operated company
Safe Unsubscribe
This email was sent to by
CN Consulting, Inc. | 23830 112th St | Salem | WI | 53179