- Feb 7, 2014
New approaches that look for more subtle patterns can help reduce highly targeted spearphishing attacks
A CEO said that his controller had just received an email, ostensibly from him, asking her to process an urgent outgoing payment.
Everything about the letter looked legit.
"It has my display name, spelled correctly," said Kevin O'Brien, co-founder and CEO at Belmont, Mass.-based GreatHorn. "There are no attachments. There's nothing in the email that's misspelled. My signature line was copied from my real emails."
The text of the email was totally something that a CEO might say.
"Hi Caitlin," the message said, addressing the company's controller, Caitlin McLaughlin. "Are you available to process an outgoing payment today? Let me know and I will send the payment details as soon as I receive it from the consultant shortly; I am traveling and this is urgent."
The only mistake was that the sender's email address spelled GreatHorn with two Rs instead of one, but that would have required eagle eyes to catch.
In addition, some email clients would only show the display name, not the actual email address, said Yoel Alvarez, IT security engineer at Philadelphia-based Hersha Hospitality Management.
"To the untrained eye, this is going to look like a legitimate email," he said. "It bypasses any form of security."
You can catch the rest of the news here: New tech can help catch spearphishing attacks
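The mismatch described in the article (a correct display name on an address whose domain is one letter off) is something a mail filter can check mechanically. The following is an added example, not code from the article or from GreatHorn; the `.example` domains, the sender directory and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed directory: executive display names mapped to their real addresses.
KNOWN_SENDERS = {"kevin o'brien": "kevin@greathorn.example"}
# Constructed list of domains the organization actually sends from.
TRUSTED_DOMAINS = {"greathorn.example"}


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header, max_distance=2):
    """Return a list of findings for one From: header value."""
    display, addr = parseaddr(from_header)
    display = " ".join(display.lower().split())  # normalize case and spacing
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []

    # A domain that is close to, but not equal to, a trusted domain.
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= max_distance:
                findings.append(f"lookalike-domain:{trusted}")

    # A known executive's display name on an address that is not theirs.
    # This catches the case where the client shows only the display name.
    known = KNOWN_SENDERS.get(display)
    if known and addr != known:
        findings.append("display-name-mismatch")
    return findings


if __name__ == "__main__":
    spoofed = '"Kevin O\'Brien" <kevin@greathorrn.example>'  # constructed sample
    print(classify_sender(spoofed))
```

Either finding alone is a reason to tag or quarantine the message; both together match the pattern in the story.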