Bloomberg is reporting that the International Monetary Fund (“IMF”) has been infiltrated, probably by a spear-phishing attack. Spear-phishing is a scheme of deception in which the perpetrator uses personalized information about the email recipient to heighten the perceived value of the email’s call to action, thereby inducing the recipient to take detrimental action.
Bloomberg reports that a large quantity of data, including documents and emails, had been compromised. The Bloomberg article cites one IMF memo which said that the IMF had disconnected its network connection to the World Bank as the result of the attack.
Bloomberg reports that on June 1, 2011, the IMF technology staff sent a warning to employees that they should not open emails and videolinks without authenticating the source. No doubt, this is good advice — but how does someone authenticate the source of an email? Research has demonstrated the ineffectivness of security built upon users’ careful interaction with email.
In response to schemes such as this, Iconix has released SP Guard.
SP Guard modifies the email client’s display to provide a visual indicator of the identity of the sender of email. This is an example from Outlook, the popular business email client, in which a company called “MyCo” is marking their internal messages as well as those from trusted partners such as their law firm. Note especially the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:
SP Guard provides the email recipient with three easy to recognize confirmations that a message is really an internal email or from a trusted counterpart:
- List View. There is an integrity indicator in the list view of the email client.
- Message. The open message has a further indicator of authenticity.
- Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.
SP Guard is available now from Iconix.
To learn more, visit us at http://www.iconix.com/business/spearphishing.php.