We in security see slivers of this just about everyday. The Washington Post has an article titled Eastern European Cyber Criminals Target US Businesses. It’s the same old (spear) phishing scheme…with a little trojan or browser based exploit thrown in. As easy as it was to infect and defraud residential users, it’s apparently just as easy and more profitable if they target the place where you work. It’s really a twofer as the untold story here could lie in the status of the Comptroller or Treasurer’s personal finances when all was said and done.
Fraud via computer technology is a big money game. If you have money and use a computer consider yourself a target. Yes, it is that simple. From online shopping and online banking to social networking, everything you do online sprinkles little pieces of you and your money all over the web. Sure they use trojans/rootkits to gather the intelligence, but they have to get them on the machines in the first place and to do that you need to go phishing.
So please, think before you do anything online. They are after your money as much as your employer’s. Don’t open attachments you aren’t expecting….period. Confirm with the person purportedly sending it by phone or in person before opening it. Likewise, don’t click on links in e-mail. If you don’t know how to tell the real destination of a link in an e-mail, then don’t risk the click. Before logging into to pay bills ask yourself if your computer has had any issues lately? Blue screens? Errors or popups? If you’re not 100% certain your computer is clean, get help. The following won’t stop everything, but they’ll definitely help and they’re free.
Windows Live OneCare Safety Scanner (They rate a lot better than anyone is giving them credit for in detections of current threats.)
Be smart, because I promise you there are people much smarter than you who want your money…and you and your actions are the only thing standing in their way.