I originally wrote about spear phishing this past summer. In case you missed it these attacks are more targeted and designed to look like they are coming from a trustworthy source such as someone in your enterprise. It seems people will share their passwords fairly willingly via e-mail if the trust the source.
Here is a more recent article on spear phishing and how hackers are targeting credit union executives by sending them a link to a site that contains a Trojan horse program. Some users had recently updated their virus definitions and were safe from the attack. It is unclear how many people were duped by this fraudulent e-mail.
The term “spear phishing” is a very accurate as in this case some credit unions received e-mails to a dozen senior executives over a period of 45 minutes. Rather than blast a database the senders of the e-mail were very careful not to set off alarms from antivirus or spam software.
Thankfully the phishers in this case had bad grammar and some recipients of the e-mail become immediately suspicious of the scheme.