CHICAGO, July 26 (UPI) -- Fake emails used by hackers in "phishing" attacks to access company and government data are getting harder to distinguish from real ones, security experts say.
The sophisticated attacks -- targeting the likes of attorneys, oil executives and managers at military contractors -- are increasingly attempting to acquire proprietary documents and passwords to gain access to company and government databases, security specialists said.
A survey compiled by Verizon Communications Inc., the nation's largest wireless carrier, found nearly every incident of online espionage in 2012 involved some sort of phishing attack, the Chicago Tribune reported Friday.
The fake, but apparently genuine, emails often includes links that, when clicked on, result in the undetectable download of malware that infects personal computers, turning them into remotely controlled robots for hackers.
Chandra McMahon, chief information security officer at Lockheed Martin Corp., said phishing attacks aimed at its employees often try to appear as if they were coming from emails and websites of industry organizations its employees visit on a regular basis.
"They are compromised by adversaries because they are the perfect spot to put malware because a lot of the employees from the industry will go there," McMahon said.
Peter Toren, a former Justice Department computer crimes prosecutor, said he is unaware of any companies firing an employee for introducing malware into a corporate system by clicking a phishing link, but he said a company might eventually have to make an example of someone.
"They certainly wouldn't sue an employee, because they don't have deep pockets to pay a claim," Toren said. "But it certainly could be grounds for termination. 'You failed to listen to us. You failed to follow training.'"
