AOH :: ISNQ5798.HTM

Spear-Phishing Experiment Evades Big-Name Email Products




Spear-Phishing Experiment Evades Big-Name Email Products
Spear-Phishing Experiment Evades Big-Name Email Products



http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=222200326 

By Kelly Jackson Higgins
DarkReading
Jan 05, 2010

The researcher who conducted a successful spear-phishing experiment with 
a phony LinkedIn invitation from "Bill Gates" is about to reveal the 
email products and services that failed to filter the spoofed message -- 
and that list includes Microsoft Outlook 2007, Microsoft Exchange, 
Outlook Express, and Cisco IronPort.

Joshua Perrymon, CEO of PacketFocus, had previously revealed that the 
iPhone, BlackBerry, and Palm Pre smartphones had all fallen victim to 
the spear-phishing exercise.

"Email-based attacks are probably one of the most effective in today's 
hacker bag of tricks. The email security industry gets by with stopping 
most spam and known phishing attacks," Perrymon says. "The problem lies 
in a directed, under-the-radar, spear-phishing attack -- the type where 
the attacker spends time to understand the target, create an effective 
spoofed email and phishing site, [and] then attacks."

The experiment was aimed at measuring the effectiveness of email 
security controls in several major products and services. And the 
simplicity and success of the test demonstrated just how powerful social 
engineering can be and what little technology can actually do about it, 
security experts say.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods