Spear phishing is a rising cyber threat, one affecting both private sector companies and the federal government.
Wired.com’s Danger Room reported on an attack on the Oak Ridge National Laboratory, which forced an internet disconnection across the network after the federal facility was hacked.
The lab, located in Tennessee, conducts energy and national security work for the federal government, including classified projects. Cybersecurity is even one of its focus areas, including researching vulnerabilities in software and hardware.
While the Oak Ridge spear phishing attack reached out to hundreds of employees via an e-mail sent under the guise of an employee benefits message from human resources, only 57 clicked the link and only two machines were infected with malware.
Phishing scams generally use accurate data to lure their victims in (such as the seemingly legitimate e-mail from human resources in the Oak Ridge case). This is often accomplished by hacking into the network before the attack, or by gathering enough open source information from websites.
Lab officials at Oak Ridge say the data stolen was limited and that internet access was shut down as soon as the breach was detected.
To keep a spear phishing attack from happening to you, remember that companies generally don’t request personal information via e-mail. When in doubt, don’t click links within e-mail, and don’t forget to use a phishing filter in your web browser (most have them built in).