By Max Clarke

Email scams are becoming more personalised, more targeted and more sophisticated. A current emerging practice is ‘spear phishing’.

While not new, builds on the ‘phishing’ concept of luring users onto fake websites in order to record their user names and passwords after they attempt to log in, with the intention of obtaining valuable data.

Discussing this, and other threats on the internet and in particular on email, is Jelle Niemantsverdriet, principal consultant forensics and investigative response specialist for Verizon Business Europe, Middle East and African region.

“Recent spear phishing attacks have demonstrated just how much the intellectual property of businesses and the privacy of individuals are at risk. Spear phishing is an attempt to obtain login credentials from individuals so that their accounts can be monitored. This is usually done by sending an email which tricks the user into visiting an external page and entering their user name and password. This is not a new way for hackers to steal data.

“From our findings in the 2011 Verizon Data Breach Investigations Report, last year saw the total number of records comprised fall to an all-time low, from 144 million in 2009 to four million in 2010. This is because hackers are using techniques such as spear phishing to target a smaller number of email accounts, with accounts belonging to top level executives often containing the most valuable data.

“While phishing is by no means a new tactic, our report found that cyber criminals are becoming increasingly sophisticated. For instance, over the last year there has been an increased reliance on the personal touch with 78% of cases involving in-person contact.”