Wednesday, April 24, 2013

Fake Tweet Result of Phishing

As follow-up to the story yesterday about @AP's fake tweet, it has been reported that the hacked message came about an hour after company employees received an expertly-crafted, spear-phishing email.

Spear-phishing is getting harder to detect as successful practices inform future "phishes." What doesn't work is abandoned, reworked and the culprit becomes increasingly less suspicious.

It may come as a surprise or not, but 19% of spear-phishing attempts are successful. Someone in an organization takes the personalized bait and hands out secure information.

The effects of spear-phishing can be avoided by fact checking. I haven't seen a copy of the message received by AP employees yesterday. It would be interesting to see it and fact check it.

Can anyone find it?




1 comment:

Anonymous said...

Sent: Tue 4/23/2013 12:12 PM
From: [An AP staffer]
Subject: News

I found a copy of it at http://grouptweet.com/blog/?p=521. Here it is:

"Hello,

Please read the following article, it’s very important :

http://www.washingtonpost.com/blogs/worldviews/wp/2013/04/23/

[A different AP staffer]
Associated Press
San Diego
mobile [removed]"