Fight spear phishing

You or your users have probably received e-mail explaining that your eBay or Paypal account has been suspended or is suspected of having been compromised. Maybe you have received the one from Citibank or Bank of America or some other major financial institution. These, of course, are examples of phishing attacks.

A phishing attack uses an e-mail claiming to be from a business or institution as "bait" to lure the "phish," which is the unsuspecting user, into clicking on a link or entering personal or confidential information such as their usernames, passwords, credit card information or more.

A normal phishing attack is blasted out to millions of e-mail addresses, the vast majority of which probably don't even do business with the entity being spoofed. A "spear phishing" attack, on the other hand, targets a smaller, more specific audience. Rather than casting a net across the whole Internet, a spear phishing attack tries to pinpoint gullible victims from a single company or a smaller financial institution. The at

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Intrusion detection, prevention and removal Windows security tools for the busy desktop administrator Check IT List: Five steps for rootkit detection Top Windows client security tools for end users Tools for virus removal and detection Buffer overflows can be prevented by GS cookies Determining the proper Microsoft malware removal tool October patches fix four threats Cool things about security, nothing about Britney Spears Run third-party malware detection tools in Windows Malware prevention and detection webcast series

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

tack has higher odds of success and a much lower possibility of being identified quickly.

Phishing attacks, whether full-blown or spear phishing, typically create Web sites designed to look exactly like the legitimate Web site of the company being spoofed. In fact, many of the links and graphics are often linked to the real content from the spoofed company's site, with only a few key fields feeding information to the attackers. Below are things you can teach your users to make sure they are not susceptible to phishing.

As an administrator, there is a way you can proactively prevent phishing.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit S3KUR3.com.