It’s Back — Internet At Oak Ridge National Laboratory

A few minutes ago Barbara Penland, Oak Ridge National Laboratory spokeswoman, issued an email saying, "We are delighted to announce that Internet connectivity has been restored at ORNL." Why is this news?  Because on April 15, 2011, ORNL was taken off-line in response to a spear-phishing attack that compromised its systems. As ORNL has learned, traditional security methods can’t detect and stop low volume, highly targeted spear-phishing email and training isn’t effective. What can be done to defend the enterprise against spear-phishing?  The enterprise can adopt a tool that identifies trusted email so that the target of the spear-phishing attack [...]

2017-01-07T17:35:28+00:00 April 29th, 2011|SP Guard, spear phishing|

Phishing emerges as major corporate security threat

On April 20, 2011, Computer World’s Jaikumar Vijayan reported on the increasing threat of spear-phishing to the enterprise.   The report relates the compromise of Oak Ridge National Laboratory.  Oak Ridge National Laboratory was forced to shut down its email systems and all Internet access for employees on April 15, 2001, following a sophisticated spear-phishing cyberattack.  The Oak Ridge National Laboratory is just one of a series of recent compromises that started with spear-phishing email.  Vijayan reports that the spear-phishing attacks are becoming more sophisticated.  For example, the bad guys are using social networking sites to collect personal information to customize the [...]

2017-01-07T17:35:28+00:00 April 22nd, 2011|Phishing, SP Guard, spear phishing|

Epsilon Data Loss — Update

threatpost, the Kaspersky Lab Security News Service, has provided an updated list of the companies that have been affected by the Epsilon data breach: 1-800-FLOWERS AbeBooks Air Miles (Canada) Ameriprise Financial Ann Taylor credit card (provided by WFNNB) Barclay's Bank of Delaware (this breach affects customers     of several private-label Visa credit cards, including BJ's     and L.L. Bean) Beachbody Bebe Stores Best Buy Benefit Cosmetics Brookstone Capital One Chase Citigroup City Market College Board Crucial Dell Dillons Disney Destinations Eddie Bauer Eileen Fisher Ethan Allen Eurosport (Soccer.com) Food 4 Less Fred Meyer Fry's Electronics Hilton Honors program Home Depot [...]

2017-01-07T17:35:28+00:00 April 19th, 2011|Consumers and Email, Phishing, SP Guard, spear phishing|

Spear-Phishing. Coming Now To Consumers!

Epsilon’s recent loss of email data to hackers has brought new attention to the problem of spear-phishing.   What is spear-phishing?  In order to answer that question, you need to know what phishing is.  Phishing is email that is designed to appeal to the recipients’ desires, fears and curiosity to get the recipients to act to the recipients’ detriment.  Typically, that action is to click a link that goes to a fake website that asks for information in order to commit identity theft.  Sometimes these emails are very ineffective to the point of being funny.  We are all familiar with the [...]

Iconix Announces SP Guard, Spear-Phishing Defense for the Enterprise

ICONIX, Inc., the industry leader in visual email solutions, announced today that it has released the initial version of a product that defends against spear-phishing. The product, called SP Guard™, allows email recipients to differentiate real email from spear-phishing emails though the display of an authenticity indicator in the inbox and in the open message. Spear-phishing is a highly targeted email scam in which the email is carefully crafted to entice the specific recipient. This differs from typical spam-like phishing scams that are based on fooling a small percentage of a large number of recipients. These are many examples of [...]

2018-04-05T13:08:29+00:00 April 6th, 2011|Phishing, SP Guard|

Epsilon Compromised by Spear-Phishing. Bad Guys Get Email Addresses.

On April Fools’ Day, early reports circulated that Epsilon, the large email service company, had lost email addresses of many of its prominent customers.  This turns out NOT to be an April Fools’ joke – the names and email addresses used by Epsilon’s customers had, in fact, been compromised.  Reuters reports that email lists used by CitiBank, Walgreens and Best Buy had all been compromised.  In fact, as reported by SecurityWeek, dozens of brands were impacted, including JPMorgan Chase, US Bank, Target, Home Shopping Network, The College Board, and Marriott Rewards. How could this happen?  Epsilon was the victim of a [...]