This breach occurred in February 2009, and Coca-Cola wasn't aware of it until the FBI informed the company in March. By then a great deal of sensitive data had been stolen. This was days before Coca-Cola's $2.4B attempt to purchase a Chinese soft drink manufacturer, which ultimately failed. It would have been the largest acquisition of a Chinese company by a foreign entity to date. There are conflicting reports as to why the acquisition failed, but at least one security organization claims it was due to critical information regarding strategy and pricing being leaked to the opposite side, which deprived Coca-Cola of the ability to negotiate the deal.
As mentioned earlier, the hack of the AP was impressive based solely on the sheer impact that one tweet had on the stock market.14 The way the attackers got in, however, was a simple spear phish that was sent to select AP staffers from what appeared to be a colleague (see Figure 1.5).
Figure 1.5 Associated Press spear phish
Although this e-mail is pretty vague, consider that it came from a “known” source and appeared to point to a legitimate page on The Washington Post site. Victims who clicked the link in the message were sent to a spoofed website that collected their login credentials. There's speculation that the spoofed site allowed victims to authenticate with their Twitter credentials, which led to the feed compromise.
Corporations are clearly as vulnerable to phishing as regular people are despite all of their technical controls and security policies. So what about phish that hit a little closer to home? The following section describes common examples that you may have seen.
We would be doing the topic of phishing a disservice if we didn't start with the Nigerian 419 scam. Also known as the advance-fee fraud, this con is apparently more than 200 years old in practice (as you can imagine, it took a lot longer to get scammed over snail mail, but it still happened). It gets its most modern name because of Nigeria's notoriety as supposedly being a large source of these scams. The number 419 refers to the Nigerian criminal code that addresses fraud.
You have probably seen a number of variations of this scam. For example, a rich prince has been deposed and needs your help in transferring his vast wealth, or a dying man is trying to make up for being generally unpleasant and needs your help in disbursing funds to charity organizations. Whatever the cover story, a few components are consistent:
• The amount of money in question is vast.
• They are trusting you, a complete stranger, to transfer, disburse, or hold the money.
• You get a cut for your trouble, but you need to do one of the following:
• Provide your bank account information so they can transfer the money
• Assist them by paying transfer fees, mostly due to some sort of precarious political or personal situation
Конец ознакомительного фрагмента.
Текст предоставлен ООО «ЛитРес».
Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.
Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.