Ever wonder what could possibly happen if you click on a link within an email you receive from an unknown and untrusted source? The U.S. Chamber of Commerce found out the hard way, many years after the fact. Read details about the spearphishing attack here.
It seems that an employee of this government branch was the victim of a "spearphishing" email back in 2009. "Spearphishing" is when an email is sent to a specific individual, rather than a general "phishing" email which casts a wide net to any user. The desired result of opening the email is that the user can be duped into clicking links or downloading spyware which is then used to gather personal information, such as passwords or bank account numbers. This employee either clicked a link within the email, or opened a document which did contain spyware and gave the hackers access to the servers.
Over the course of the next year, Chinese hackers were able to collect passwords which granted administrative rights. This then allowed the hackers to place additional software code, known as a "backdoor", onto the U.S. Chamber of Commerce's servers. This code would then allow the hackers to steal data.
The lesson here? If it's this easy to dupe a government employee into opening a document or clicking a link within an email, you, as a private citizen can be just as easily deceived into putting your own organization or your own personal information at risk. Anti-virus protection remains a must, even more so now than ever before. These types of attacks are becoming increasingly popular. ID thieves will stop at nothing to get any type of information they can use to commit fraud at any level.
The next time you receive an email from an untrusted source that wants you to click a link or open a document, "just say no." You have plenty of other junk mail to read.