Beware the malware-tipped SPEAR TRAP in your inbox

The vast majority (91 per cent) of targeted attacks begin with a spear phishing email, according to a new study by Trend Micro. Spear phishing is a form of phishing that makes use of information about a target to make attacks more specific and “personal”. These attacks may, for example, refer to their targets by their specific …

COMMENTS

This topic is closed for new posts.
  1. K
    Coat

    "The need to redesign corporate defences, according to Trend Micro."

    Roughly translated:

    You'll want to spend more money with us, we have a new product on the way, which will give you "just the right protection"!

    meh, I'm becoming a pessimist :)

    1. edge_e

      Re: "The need to redesign corporate defences, according to Trend Micro."

      meh, I'm becoming a pessimist :)

      Let me fix that for you.

      meh, I'm becoming cynical :)

      Having said that, just because you're cynical, doesn't make you wrong :)

      1. edge_e
        Coat

        Re: "The need to redesign corporate defences, according to Trend Micro."

        Crikey, how many smileys

        1. Sir Runcible Spoon

          Re: "The need to redesign corporate defences, according to Trend Micro."

          "Crikey, how many smileys"

          I propose a new code to signify that the whole post is intended with a grin..

          <:)> blah blah </:)>

          There, that looks nice and obvious :)

  2. AndrueC Silver badge
    Thumb Up

    My email anti-spam system is still going strong after fifteen years. It's a variant of disposable addressing and grey listing. Every contact gets their own email address to use for me following a basic template. My mail server throws away any incoming mail that doesn't match the template. Everything else goes into my mailbox.

    There's a small list of known offenders who also get blasted. Mostly small independent retailers. Which is why I rarely use those these days. The big boys seem better able to keep my data private.

    Aside from making me immune to random spam it means I know who an email is supposed to have come from - I don't have to rely on the 'from:' field in the headers which is easily forged. I don't have to use any spam cleaning software and yet I almost never get any spam. If I do get some I can stop it dead by blacklisting the address without affecting anyone else and optionally have a rant/quiet word with the person who was assigned that address.

    The latter doesn't always work though. The publishers of Avast claimed that the unique address I gave them must have been generated in a dictionary attack - despite the fact the server logs showed an otherwise normal day of a dozen random spam mails. I stopped using their product after that.

    1. Kevin Johnston

      simple yet effective

      I have always tried to use disposable addresses where I have concerns about the person/company I am talking to and as I have my own mail server it makes this a lot simpler. It never ceases to amaze me how often you can track a unique address through a number of apparently disconnected companies and ending up in a spam source.

      1. Simon Harris

        Old School...

        Back in the old days my dad used to tweak the last 2 letters on his postcode so he could find out who was selling his address to junk-mail companies.

      2. AndrueC Silver badge
        Thumb Up

        Re: simple yet effective

        It's also interesting how long a 'dead' address can keep going. I'm still getting spam to an address I blacklisted over a decade ago. And yes, it's noticeable from the headers last time I looked that it's been traded all over the place.

        1. Vic

          Re: simple yet effective

          > I'm still getting spam to an address I blacklisted over a decade ago

          I'm still getting daily delivery attempts to an address that was accidentally generated by a misfiring spambot a decade ago.

          The address has never been mine. It's easy to see how it was put together (stupid script). No email has ever been delivered to that address. Yet every single day, some spambot tries...

          Vic.

    2. Anonymous Coward

      "Every contact gets their own email address to use for me"

      Surely though this won't scale any larger than one sender to many recipients? If you administrate say, 30,000 senders, I can't think of any practical way giving them multiple email addresses would work.

      1. clocKwize

        Things like gmail give you an infinite amount of aliases, you don't have to do anything to set them up, it's just how they are routed - for instance, if you sign up to something as you~somesite@gmail.com when they email you it'll get routed to you@gmail.com, but you'll see it being addressed to you~somesite@gmail.com. This means you can see where spam is originating from.

        This isn't very hard to get around for the spammers though, they can just remove the ~somesite if they want.. but it wouldn't be hard to come up with a more sophisticated solution if you run your own mail server.

        1. Colin Miller

          > if you sign up to something as you~somesite@gmail.com when they email you it'll get routed to you@gmail.com, but you'll see it being addressed to you~somesite@gmail.com

          The relevant RFC requires that you+randomstring@isp.com is delivered to you@isp.com

          However, not all email providers support that, and some is-it-a-valid-email-address checks on the signup pages reject these as well.

      2. AndrueC Silver badge
        Boffin

        It might. My system is based on a wildcard. So to give a fictitious example:

        Set an alias up on the server:

        nostril.*.face@notarealdomain.local -> nostril.

        In everyday use you replace the '*' with the contact's name.

        Seems to me that you could extend this passably well. The typical daily maintenance is zero because you don't actually have to create mailboxes. The wildcard lets you just hand out addresses as/when you want. The only maintenance is if/when you add an address to the blacklist.

        I'm thinking it might scale up to a few hundred users at least.
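
The per-contact addressing scheme discussed in this thread, sketched as an added example (not code from any poster or from the original page). The template comes from the fictitious alias above; the `ISSUED` table of handed-out tags, the sender-domain comparison and all sample envelopes are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed address template, taken from the fictitious alias in the thread.
TEMPLATE = re.compile(r"^nostril\.([a-z0-9-]+)\.face@notarealdomain\.local$")

# Constructed records: tag handed out -> domains that contact really sends from.
ISSUED = {
    "bookshop": {"bookshop.example"},
    "bank": {"bank.example", "mail.bank.example"},
    "gadgets": {"gadgets.example"},
}
BLACKLIST = {"gadgets"}  # tags revoked after they started receiving spam


def classify(rcpt_to, mail_from):
    """Return (verdict, tag) for one SMTP envelope."""
    m = TEMPLATE.match(rcpt_to.strip().lower())
    if m is None:
        return "discard", None            # does not fit the template
    tag = m.group(1)
    if tag in BLACKLIST:
        return "discard", tag             # revoked address
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if domain in ISSUED.get(tag, set()):
        return "deliver", tag
    # Still delivered (wildcard), but the tag shows whose address is being reused.
    return "deliver-flag-leak", tag


def leak_report(envelopes):
    """Count flagged deliveries per tag: which issued address has been traded."""
    return Counter(tag for verdict, tag in
                   (classify(r, f) for r, f in envelopes)
                   if verdict == "deliver-flag-leak")


# Constructed envelopes: (RCPT TO, MAIL FROM)
SAMPLE = [
    ("nostril.bank.face@notarealdomain.local", "alerts@mail.bank.example"),
    ("nostril.bookshop.face@notarealdomain.local", "promo@bulk-sender.example"),
    ("nostril.bookshop.face@notarealdomain.local", "win@prizes.example"),
    ("nostril.gadgets.face@notarealdomain.local", "deals@gadgets.example"),
    ("nostril@notarealdomain.local", "x@spam.example"),
]
```

The sender address is as forgeable as the 'from:' header, so the mismatch flag is only a hint; the recipient tag is the part the sender cannot choose without knowing which address was issued to whom.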

  3. heyrick Silver badge

    I wonder...

    ...how many people need attachments over the text/html/jpeg/gif/png/css used in "marked up" mails? If the mail server could be configured to throw away other attachments, except for those specific addresses for when there is a genuine need, then surely that should stomp on a lot of the problems?

    1. Simon Harris
      Meh

      Re: I wonder...

      ... how many people need attachments including the html/jpeg/gif/png/css used in "marked up" mails?

      If the mail server could be configured to throw away those... then surely my mailbox wouldn't be groaning at the sides?

      There... fixed it for you!

      1. heyrick Silver badge

        Re: I wonder...

        I fully agree - and believe that plain text emails should suffice - however my time with mobile phones and publicity mailshots has shown me that there are some crappy bits of software out there that make a complete hash of resolving a marked up email down to plain text. I thought bad was the one that stripped out all high-ASCII from the text/plain (accents and such), but then I found emails from something that didn't bother making an easily-readable version at all, so would actually send out empty plain text parts. Stupid, but one person making a stand isn't going to change much when more and more things just assume marking up is the way forward.

        At least I get a tickle when some companies track UCE readership by image fetches; which both Thunderbird and my phone block by default. It was quite amusing to receive junk from Maplin that was nothing more than a pile of empty rectangles. But many companies are guilty of this, especially those who spam you from third-party services for the analytics. I just consider "if tracking my response is more important than the message; the message isn't worth responding to".
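
The attachment policy proposed at the top of this sub-thread, as an added example (not code from any poster or from the original page): parts outside an allowlist of content types are dropped unless the recipient is on an exemption list. The exempt address, the inclusion of `text/plain` and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Types named in the post as enough for "marked up" mail (text/plain added).
ALLOWED = {"text/plain", "text/html", "text/css",
           "image/jpeg", "image/gif", "image/png"}
# Hypothetical addresses with a genuine need for other attachments.
EXEMPT = {"accounts@notarealdomain.local"}


def strip_parts(part, dropped):
    """Remove disallowed leaves in place; return False if `part` itself goes."""
    if part.is_multipart():
        part.set_payload([p for p in part.get_payload()
                          if strip_parts(p, dropped)])
        return True
    ctype = part.get_content_type()  # declared type, not sniffed content
    if ctype in ALLOWED:
        return True
    dropped.append((part.get_filename(), ctype))
    return False


def filter_for(rcpt, msg):
    """Apply the policy for one recipient; return the list of dropped parts."""
    dropped = []
    if rcpt.lower() not in EXEMPT:
        strip_parts(msg, dropped)
    return dropped


def sample_message():
    """Constructed message: text + HTML body, one PNG and one RTF attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_alternative("<p>See attached.</p>", subtype="html")
    msg.add_attachment(b"\x89PNG\r\n", maintype="image", subtype="png",
                       filename="logo.png")
    msg.add_attachment(b"{\\rtf1}", maintype="application", subtype="rtf",
                       filename="invoice.rtf")
    return msg


def leaf_types(msg):
    """Content types of all non-container parts, in document order."""
    return [p.get_content_type() for p in msg.walk() if not p.is_multipart()]
```

The check trusts the declared Content-Type, so a production filter would also need to inspect the payload itself.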

  4. Anonymous Coward

    We had someone manage to get an email through which was cleverly mocked up to appear to come from our IT helpdesk. The email had a link to upgrade Acrobat Reader, I dread to think how many people fell for it but luckily our security chaps blocked the site!

    It was one of the most sophisticated spear phishing attempts I've ever seen. They are getting increasingly clever so I think this study is more than just Trend trying to flog some products!

  5. Al Jones

    No PDFs?

    "RTF (38 per cent), .XLS (15 per cent) and .ZIP (13 per cent). "
