By Kelly Jackson Higgins
Jan 05, 2010

The researcher who conducted a successful spear-phishing experiment with
a phony LinkedIn invitation from "Bill Gates" is about to reveal the
email products and services that failed to filter the spoofed message --
and that list includes Microsoft Outlook 2007, Microsoft Exchange,
Outlook Express, and Cisco IronPort.

Joshua Perrymon, CEO of PacketFocus, had previously revealed that the
iPhone, BlackBerry, and Palm Pre smartphones had all fallen victim to
the spear-phishing exercise.

"Email-based attacks are probably one of the most effective in today's
hacker bag of tricks. The email security industry gets by with stopping
most spam and known phishing attacks," Perrymon says. "The problem lies
in a directed, under-the-radar, spear-phishing attack -- the type where
the attacker spends time to understand the target, create an effective
spoofed email and phishing site, [and] then attacks."

The experiment was aimed at measuring the effectiveness of email
security controls in several major products and services. And the
simplicity and success of the test demonstrated just how powerful social
engineering can be and what little technology can actually do about it,
security experts say.