Security firm Trend Micro has dissected the attacks to figure out how they worked. Here are a few key takeaways:
Friends Can’t Always Be Trusted
Everyone knows to treat certain kinds of e-mails with suspicion, the like the one from your bank claiming that it needs to verify your user name and password. But the recent spearphishing attacks on Gmail users were made to look like they came from friends, family, or colleagues. This trick made victims more likely to open attachments and click on links to fake log-in pages.
Sometimes, You’re Powerless
In late May, Trend Micro discovered a vulnerability in Hotmail that could compromise a user’s account just by previewing an e-mail. The malicious messages, specially crafted for individual targets, triggered a script that could steal e-mail messages and contact information and forward new messages to another account. Microsoft has already patched this vulnerability, but only after real-world attacks were discovered.
One Phishing Attempt Begets Another
Security researchers suspect that successful targeted phishing attempts can lead to follow-up attacks on the same user, and they’ll be more dangerous because the attacker can draw on personal information to sound more convincing.
You’re Probably Safe
The Usual Tips Still Apply
Aside from using antivirus software to sniff out attacks, Trend Micro recommends looking for spelling or grammatical errors to determine the trustworthiness of an e-mail source. If you click on an external link, pay attention to the URL; the page may look like it belongs to Google, Yahoo, or Microsoft, but the Web address will tell the truth. If you suspect an attack, check your e-mail settings to see if messages are being forwarded to other addresses. And if you use Gmail, you can enable two-step verification for added security.
Follow Jared on Facebook and Twitter for even more tech news and commentary.