Newswise — September 29, 2011 — October is National Cyber Security Awareness Month. Karen McDowell, an information security analyst at the University of Virginia, is available for interviews about cybersecurity in general and about "spear-phishing" in particular.

Spear-phishing emails are highly targeted, sophisticated fake messages that appear to come from legitimate businesses, even your own company. The phishers, McDowell says, do research to learn what issues are important to a group and then target their attacks along those lines. The messages frequently convey a sense of urgency: You must act fast or update your information to keep your account current.

"These messages often address you by first name," McDowell says. "They look as though the information technology administrators, HR personnel or some other administrative group you normally trust sent them especially to you.

"One of the other unique marks of spear-phishing messages is that they are timed to arrive when you are least likely to pay attention to the details, like the end of the work day, when you're tired and on your way home, or 8 a.m. on a Monday before you have even had time for that first cup of coffee." Sometimes the attacks take the form of a voice mail or a text message. She also warns that phishers have learned to use Google and Facebook to ensnare unsuspecting users.

McDowell provides advice as well: If you receive an unexpected message, don't open it – and in particular don't open any attachments. Contact your IT department or the company that purportedly sent it. And delete it if it's not legitimate or you just aren't sure.

"All of us individually are the first and best line of defense," she says, recommending the "Stop. Think. Connect" campaign started by a coalition of companies, non-profit organizations and governmental agencies.

McDowell, who works in U.Va.'s Information Security, Policy and Records Office, regularly makes presentations on avoiding common online hazards, such as phishing, worms and viruses, and credit card and identity theft. She has worked in information technology for more than 15 years. She has presented at numerous conferences and published articles on information security.