Written By: Michael McCartney, President of DIGITS, LLC – A Division of Avalon
I think we can all agree that the FBI is badass. So when they say something is threatening us, it’s for real. In November 2009, the FBI issued their first official warnings concerning spear phishing attacks targeting U.S. firms.
A spear phishing attack is when an e-mail is sent to a high-level executive of a firm that appears to originate from another high-level executive within the firm. The e-mail from the attacker has the same e-mail convention that the firm uses (e.g., email@example.com) and the content of the e-mail can be as simple as, “After our conversation last week, I found this interesting article that I thought was very much on point for your matter.” The e-mail has an embedded link that, if clicked, takes the recipient to a website that downloads the referenced article as well as a payload allowing remote access to that computer system. This is an entry point into the corporate network and, depending upon the level of access the victim has, the hacker can laterally access other resources and data as well.
Continue reading the full article on Avalon’s website: Law Firms & CPA Firms are Targets of Organized Hackers