
How to avoid the 'spear phishers'

03 October 2005

In January this year the world's leading provider of email security and management services, MessageLabs, flagged the emergence of a new email security threat known as spear phishing, a more targeted and sophisticated form of phishing.

Phishing is the technique whereby spam, dressed up as legitimate email, asks the recipient to provide information which is then used illegally for profit.

IBM's latest Global Business Security Index indicates a growth in incidents of spear phishing, and MessageLabs data for May and June 2005 supports this. Global patterns in spear phishing interceptions show the number of attacks almost doubled: in June MessageLabs stopped 512,408 attempts, compared with 275,333 attempts in May.

According to MessageLabs, phishers are now working more strategically by sending targeted emails to businesses, rather than making generic phishing attempts in the hope that a recipient takes the bait.

These emails are designed to appear as though they were sent by another member of staff at the same organisation, such as the IT administrator, and the intent is to gain access to secure corporate information. Many organisations make the spear phisher's life easier by providing personal email addresses on their website. These email addresses can be easily spoofed.

Protect your enterprise from spear phishers

The USA's CERT® Coordination Centre (CERT/CC), which specialises in Internet security, offers a number of recommendations to protect against email spoofing.

  • Authenticated email provides a mechanism for ensuring that messages are from whom they appear to be, as well as ensuring that the message has not been altered in transit. Similarly, sites may wish to consider enabling SSL/TLS in their mail transfer software. Using certificates in this manner increases the amount of authentication performed when sending mail.
  • Configure your mail delivery daemon to prevent someone from directly connecting to your SMTP port to send spoofed email to other sites.
  • Ensure your mail delivery daemon allows logging and is configured to provide sufficient logging to assist you in tracking the origin of spoofed email.
  • Consider a single point of entry for email to your site. You can implement this by configuring your firewall so that SMTP connections from outside your firewall must go through a central mail hub. This will provide you with centralised logging, which may assist in detecting the origin of mail spoofing attempts to your site.
  • Educate users about your site's policies and procedures in order to prevent them from being "socially engineered", or tricked, into disclosing sensitive information (such as passwords). Have your users report any such activities to the appropriate system administrator(s) as soon as possible.
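
As an added illustration (not part of the CERT/CC recommendations or this article), the sketch below shows how centralised logging on a single mail hub can surface the spoofing pattern described above: mail that claims a sender at your own organisation but arrives from outside your network. The log format, the domain example.org, the address ranges and the function names are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the article): the organisation's mail domain and the
# address ranges its own mail clients and servers connect from.
ORG_DOMAIN = "example.org"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample entries in a simplified, hypothetical hub log format.
SAMPLE_LOG = """\
2005-06-14T09:02:11 client=10.1.4.22 from=<it.admin@example.org> to=<j.lee@example.org>
2005-06-14T09:05:40 client=203.0.113.57 from=<it.admin@example.org> to=<j.lee@example.org>
2005-06-14T09:06:02 client=198.51.100.9 from=<news@partner.example.net> to=<j.lee@example.org>
2005-06-14T09:07:15 client=203.0.113.57 from=<IT.Admin@EXAMPLE.ORG> to=<p.wong@example.org>
2005-06-14T09:08:00 malformed entry without fields
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+"
                     r"from=<(?P<sender>[^>]*)>\s+to=<(?P<rcpt>[^>]*)>$")

def is_internal(ip_text):
    """True if the connecting address lies in one of the internal ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable client address is treated as external
    return any(ip in net for net in INTERNAL_NETS)

def find_spoofed_internal(log_text):
    """Return (alerts, skipped). An alert is an entry whose sender claims
    ORG_DOMAIN while the connection came from outside INTERNAL_NETS."""
    alerts, skipped = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped.append(line)  # keep unparsed lines for manual review
            continue
        domain = m["sender"].rpartition("@")[2].lower()
        if domain == ORG_DOMAIN and not is_internal(m["client"]):
            alerts.append((m["ts"], m["client"], m["sender"].lower(), m["rcpt"]))
    return alerts, skipped

def origins(alerts):
    """Count alerts per connecting address to help track the origin."""
    return Counter(client for _, client, _, _ in alerts)

if __name__ == "__main__":
    found, unparsed = find_spoofed_internal(SAMPLE_LOG)
    for ts, client, sender, rcpt in found:
        print(f"{ts} external {client} claims internal sender {sender} -> {rcpt}")
    print("origins:", dict(origins(found)), "| unparsed lines:", len(unparsed))
```

Matches are leads for review rather than proof of spoofing, since legitimate mail sent on the organisation's behalf from outside the listed ranges will also match.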

For more information about how CITEC can help you create a secure ICT environment, please contact CITEC Technical Product Consultant, Greg Smith on +61 7 3222 2566.
