I've seen this before - it's generally not spear phishing though. What I've seen happen is that a person's webmail account gets owned, and the attacker uses the account to send that story to everyone in their address book.
They're really good, in some cases - I had an acquaintance who did business in Laos and Malaysia, and when I got that same email, I really had to think it through before I trashed it - the email claimed they had been traveling in that area and gotten mugged. - Chris On Tue, Mar 9, 2010 at 9:39 AM, PJ Velasco <[email protected]> wrote: > One of the guys I work with got an email from a person he used to know > real well years ago. The email claimed that the person was stuck in > the UK and needed money to come back home to the states. I thought > this was an interesting angle. Identify and research your target (as > usual), but instead of looking for current group memberships or > vendors you search classmates.com or other reunion type social > networking sites and craft an email using someone they used to go to > school with. Obviously this did not work on my coworker, but I > thought the list would find it interesting. > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- - Chris Merkel
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
