More worryingly, said Mr Beer, were signs that different sections of the underground economy were starting to collaborate to improve their chances of catching people out. Hi-tech criminals with information culled from job sites, online games or social networking sites were teaming up with phishing gangs and spammers, said Mr Beer. The end result was well-crafted e-mail campaigns that gained a gloss of credibility by combining several different bits of data.
Narrowly targeted phishing emails ("spear phishing") use information that the victims believe 'must be legitimate' to fool them into opening infected attachments, visit phishing/infected websites etc.
Email users must:
1) Avoid opening executable email attachments that turn up unexpectedly, even those that appear to come from a legitimate source such as someone they know (if they intend to open executable attachments, users should first phone the sender to confirm what was sent);
2) Avoid following URLs provided in emails, and watch out for URLs ;
3) Make sure their antivirus software is maintained constantly up-to-date;
4) Not fiddle with the security configuration of antivirus, personal firewall, email, browser and other software;
5) Take regular off-line backups of all important data, making sure that the data are correctly stored and can in fact be retrieved if (when!) needed;
6) Run anti-phishing utilities such as phisher site warning add-ons for browsers;
7) Most of all, remain alert to email security threats. Be EXTREMELY wary of providing any personal data (names, addresses, passwords, PIN codes, credit card numbers etc.) to a website or form provided by email. Corporate email users should report suspicious events to their IT Help/Service Desk or information security function the sooner the better - it may not be too late to prevent further damage.