Corporate networks are at risk from "spear phishing," a cyberattack using specific knowledge about employees and their organizations, U.S. researchers say.
Security researchers at the Georgia Institute of Technology say the attacks often take the form of emails that seem to originate from a fellow worker or a superior, asking workers to visit a particular website or provide some personal or work-related information.
The website may attempt to install malware into the corporate network, launch a virus or ask for a user's password, they said.
"Spear phishing is the most popular way to get into a corporate network these days," researcher Andrew Howard said. "Because the malware authors now have some information about the people they are sending these to, they are more likely to get a response. When they know something about you, they can dramatically increase their odds."
Public information, much of it from social media sites, often provides the attacker with that personal information.
The weakest link in a corporate network can be a single worker who falls for an authentic-looking email, the researcher said.
"Organizations can spend millions and millions of dollars to protect their networks, but all it takes is one carefully crafted email to let someone into it," Howard said. "It's very difficult to put technical controls into place to prevent humans from making a mistake. To keep these attacks out, email users have to do the right thing every single time."
Most Popular Stories
- Accenture Gets 8 Percent Bump in Q1
- Insurance Rule Change Angers Industry
- Alex Kinsey, Sierra Deaton Crowned 'X-Factor' Champs
- Revised GDP Up 4.1 Percent in 3rd Quarter
- Obama Opens Last-Minute Loophole in Insurance Law
- Obama's Dad Was Abusive Drunk, Half Brother Says
- Time No Longer Stands Still for Cuban Entrepreneurs
- Brian Boitano Announces That He Is Gay
- Little Risk of Deportation Under Obama
- Renewable Energy Group to Acquire Syntroleum