An email attack disguised as an appeal to help missing children is targeting private computer networks says the local FBI, which issued a warning Monday about the spear-phishing scheme.
An email with the subject line “Search for Missing Children” appears to come from a trusted source—the National Center for Missing and Exploited Children, an organization founded in 1984 that has become the country’s clearinghouse on issues related to missing and sexually exploited children.
But, according to Special Agent Darrell Foxworth of the FBI’s San Diego Field Office, the zip file attached to the message contains malicious files in search of confidential data such as user names and passwords.
Criminals with such information might use it to create fake identities, steal intellectual property, and access financial accounts, according to the FBI.
Every organization is at risk of being the target of a spear-phishing attack, according to Foxworth. Email recipients should never open attachments or click link s in suspicious emails.
To protect propriety information against Internet crimes like spear-phishing, increased cyber security is being urged.
If you receive a suspicious email at work, the FBI says it should be reported to your organization in accordance with its security policy. Internet crime complaints can also report it to the FBI at ww.ic3.gov.
And the Department of Homeland Security recommends organizations take the following actions:
—Always treat unsolicited or unexpected e-mail containing attachments or links with caution, even (and perhaps especially) when the e-mail appears related to known events or projects.
—Monitor for and report on suspicious activity, such as spear phishing e-mails, leading up to significant events and meetings.
—Educate users about social engineering and e-mail phishing related to high-level events and meetings.
—Measure expected network activity levels so that changes in patterns can be more easily identified.