According to threat intelligence firm CloudStrike, Chinese cyber spies have been targeting think tanks, ostensibly to obtain information on the potential disruption of Chinese oil interests in Iraq. Spear-phishing, the act of sending an e-mail tailored to a specific individual (as opposed to e-mails sent out en masse to many different individuals, which is simply “phishing”) to fraudulently induce them to give away personal information such as their e-mail password, is hardly a new tactic; nor is the Chinese government the only group which has been accused of using it. In February 2014, the Syrian Electronic Army hacked into Forbes using the same tactic. In many cases, the true perpetrator of an attack is unclear, especially when Internet traffic is routed through the accused country.
I’m going to leave the finger-pointing to governments and the private firms that investigate such attacks. I will instead focus on how you can protect yourself against such attacks. While Continue reading How to Protect Yourself Against Spear-Phishing