Email Phishing Casting Ever Longer Lines
By joesciallo on Mar 19, 2013
Think Spam Has Gone Away? Guess Again.
Osterman has another well-written post up, this time about the enhanced phishing technique referred to as "longline phishing." The term comes from commercial longline fishing, in which "...a main line of up to several miles in length contains hundreds or thousands of short lines with hooks, each loaded with their own bait." Email longline phishing tries to accomplish something similar by using high volumes, highly customized messages, and zero-day exploits that bypass existing anti-virus methodologies. As Osterman says:
"The genius behind the longline phishing attack is that a) volumes of any one message are extremely low, which makes recognition of these attacks difficult; b) overall volumes of messages received per potential victim are also low, often not triggering conventional anti-spam or anti-malware defenses; c) the attacks exploit vulnerabilities for which no defense is yet available; and d) botnets are used to distribute the attack across a wide range of sending IP addresses – one such attack, designed “Letter.htm” by Proofpoint, found in excess of 25,000 unique senders IPs in use."
Longline phishing is also particularly effective because "the perpetrators will compromise legitimate Web sites to
distribute malware in order to gain higher clickthrough rates from
Now, for you long-time savvy Unified Communications Suite administrators, this comes as no news. (Indeed, see my post from 2009: Email Phishing: Still a Big Problem.) But perhaps it has been a while since you have looked at your anti-spam setup and techniques, so as a reminder, I'll point you to the document, Protecting Against Spammers who Compromise Messaging Server User Accounts, for best practices on combating this issue.
And go read Osterman's entire article, it's worth it.