ATLANTA, Jan. 8 (UPI) -- Corporate networks are at risk from "spear phishing," a cyberattack using specific knowledge about employees and their organizations, U.S. researchers say.
Security researchers at the Georgia Institute of Technology say the attacks often take the form of emails that seem to originate from a fellow worker or a superior, asking workers to visit a particular website or provide some personal or work-related information.
The website may attempt to install malware into the corporate network, launch a virus or ask for a user's password, they said.
"Spear phishing is the most popular way to get into a corporate network these days," researcher Andrew Howard said. "Because the malware authors now have some information about the people they are sending these to, they are more likely to get a response. When they know something about you, they can dramatically increase their odds."
Public information, much of it from social media sites, often provides the attacker with that personal information.
The weakest link in a corporate network can be a single worker who falls for an authentic-looking email, the researcher said.
"Organizations can spend millions and millions of dollars to protect their networks, but all it takes is one carefully crafted email to let someone into it," Howard said. "It's very difficult to put technical controls into place to prevent humans from making a mistake. To keep these attacks out, email users have to do the right thing every single time."
|Additional Technology Stories|
DAYTON, Iowa, May 22 (UPI) --As searchers in Iowa hunted Wednesday for an abducted teenage girl, a law enforcement official called the discovery of two backpacks and a purse major leads.
NEW YORK, May 22 (UPI) --CBS says it has ordered a single-camera comedy based on the 2011 Hollywood film "Bad Teacher" for the 2013-14 television season.
IRVINE, Calif., May 22 (UPI) --Two colliding galaxies have formed a fragile mega-galaxy, a short-lived phenomenon U.S. astronomers are calling a cosmic "missing link."