Spam Scam Says You're Fired
from the well-that-sucks dept
In the last year or so, the concept of “spear phishing” has gained a lot of popularity. Rather than broadly phishing by sending out emails pretending to be from companies with huge numbers of users/customers such as eBay or Citibank, spear phishing is much more targeted, and sometimes much more devious. It is often sent directly to people at a certain organization, made to look like it comes from someone at that organization and designed to play on what that organization does. It seems that some phishing scammers went one step further last week, using a spear phishing attack on employees of the Dekalb Medical Center. The email itself appeared to come from the medical center and told the employees they were being laid off. It included a link to a website supposedly for “career-counseling information,” but actually directing people to a website that automatically downloaded a keylogger program. Enough employees were freaked out enough by the notice that they didn’t consider it might be a scam, and clicked on the link. Once again, it shows how the scammers continue to adjust and adapt, and how difficult it can be to spot some of these types of scams.