By Steve Darrall, Practice Manager
You often hear about the dangers of general phishing attacks as well as targeted spear phishing attacks, but there can be a feeling that mainstream media will over hype these to the point that sometimes it feels as if the world’s falling in. Recently, one of our clients chose to see how effective a spear phishing attack would be against senior management. Read on for details of what we found.
Securus Global were engaged to identify a number of reports to a particular individual within our client (all senior IT management), send them all an e-mail, convince them to click on a link to a “malicious” site and provide some credentials. Sounds pretty hard doesn’t it? Especially as the targets are senior management in an IT division. What could possibly go wrong?The first phase of our engagement was to identify 14 reports to a particular senior manager. Through use of open source information that’s freely available on the Internet, we were able to identify 12 of the 14 individuals.