Phishing will be with us as long as email. So the idea that bad guys can email posing as the CEO or another executive is not that shocking, even though it’s a relatively new angle.
IT security staff at these agencies are on guard against the now pervasive tactic of spear-phishing. In this targeted social engineering attack, hackers use emails that masquerade as trusted information to fool recipients into revealing confidential data.
Organizations can be completely compromised by this type of malware, and if they’re using common credentials (that is, the same privileged logins on numerous systems), it really is “game over” once a single common credential is exposed.
If you’re like me, by now you’ve most likely received quite a few phishing emails from supposedly prospective customers that are almost comical in their ineptness. Unfortunately though, if criminals didn’t have at least some success using these tactics we wouldn’t still be seeing them – and watching them evolve into more complex and sophisticated forms.