SIMPLE BUT EFFECTIVE –
The quality of spear-phishing is getting better. A recent run shows how.
Dan Goodin – Apr , (8): (am UTC
Setting the campaign apart, the emails were mostly free of the typos, broken grammar, and other sloppiness that are typical phishes. The emails also reflected a sender who was well-acquainted with the business of energy production. A barrage of emails that started on March , for instance, purported to come from Engineering for Petroleum and Process Industries, a real Egyptian state oil company. Not your father’s spear-phishing
The sender invited the recipient to submit a bid for equipment and materials as part of a real ongoing project, known as the Rosetta Sharing Facilities Project, on behalf of Burullus, a gas joint venture that’s half-owned by another Egyptian state oil company. The email, which was sent to about 404 oil and gas companies over a week starting on March , attached two files that masqueraded as bidding conditions, forms, and a request for proposal. The relatively small number of emails demonstrates a narrow targeting of the carefully crafted campaign. By contrast, many phishing non-discriminately send tens of thousands emails.
GIPHY App Key not set. Please check settings