60-Second Tech

Spear Phishers Want Your Info

The recent AP Twitter account hack looks like an example of a successful spear phishing attack, in which a targeted e-mail duped the news agency's employees. Larry Greenemeier reports

You’ve got a few minutes between meetings, so you run through some of the e-mail in your in-box. You quickly notice an urgent message from a colleague telling you to check out an important article on the Web. You dutifully click on the link supplied and enter your login credentials when asked.

You’re in too much of a hurry to notice you just gave your password to a fake Web site. You’ve fallen victim to a cyber scam known as spear phishing. Now someone may have installed malware on your computer that captures all of your keystrokes.

In regular phishing, scammers send thousands of bogus e-mails trying to sucker random people into surrendering important information. Spear phishing e-mails, however, are designed to look like they come from someone you know.

The worst that could happen? Well, if you’re the Associated Press, someone could hijack your corporate Twitter account and falsely inform your two million followers that the White House has been attacked, causing a temporary plunge in the stock market, which happened April 23rd. Oops.

So when surfing the Web, beware of spear phishers. Or you could find yourself up the creek.

—Larry Greenemeier

[The above text is a transcript of this podcast.]

Share this Article: