Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Portfolio Management Maturity Model at Chevron - Presentation & Discussion
November 13, 11:30 AM - 12:30 PM ET (GMT-4)
The fundamental goal of the model is to help IT become a business partner and earn a seat at the table. Core to the model is to establish a five year IT strategic road map that is owned by the business. Presenter Janinne Franke is manager of strategy, planning & optimization at Chevron's corporate department & services. She will share processes and lessons learned from developing and implementing the model.
Learn more about the CIO Executive Council »
Apply today for a FREE subscription to CIO Magazine!
April 14, 2008 — IDG News Service —
Panos Anastassiadis didn't click on the fake subpoena that popped into his inbox on Monday morning, but he runs a computer security company. Others were not so lucky.
In fact, security researchers say that thousands have fallen victim to an e-mail scam in which senior managers such as Anastassiadis are told that they have been sued in federal court and must click on a Web link to download court documents. Victims of the crime are taken to a phony Web site where they are told they need to install browser plug-in software to view the documents. That software gives the criminals access to the victim's computer.
This type of targeted e-mail attack, called "spear-phishing," is a variation on the more common "phishing" attack. Both attacks use fake e-mail messages to try to lure victims to malicious Web sites, but with spear-phishing the attackers try to make their messages more believable by including information tailored to the victim.
The e-mail sent to Anastassiadis, CEO of Cyveillance, included his name, company's name and even the correct phone number, said James Brooks, director of product management with the security vendor. "Given the nature of our business, he suspected something right away and forwarded it to our operations center."
However, Verisign's iDefense division has tracked more than 1,800 victims who clicked on the message. "This is probably one of the largest spear-phishing attacks we've seen to date in terms of number of victims," said Matt Richard, director of iDefense's Rapid Response Team.
Verisign believes that the criminals behind this scam are the same ones who launched an attack last month that used fake e-mails that appeared to be from the Better Business Bureau. And the U.S. courts have been warning computer users for years now of an ongoing scam where victims are told that they have failed to show up for jury duty and then asked to enter sensitive information into a phishing site.
"The malware itself is not particularly interesting. It was clever that it went straight to CEOs and it didn't really blast the whole world," said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and volunteer at the Internet Storm Center.
"For someone who doesn't know what a legal document looks like, it kind of passes the smell test," he added. "When they see they've been subpoenaed, people panic and they click on things they shouldn't."
The mail directs the victim to a Web site that ends in "...uscourts.com" and is very similar to a legitimate .gov domain used by California courts, Bambenek said. The Web server delivering the malware is based in China, while the computer that then controls the victim's computer is based in Singapore.
Best Practices for Providing Secure and Cost-Effective Remote Access
They Can't Steal What You Don't Have: Smart Security Choices for Mobile Workers
Transform While Perform"
CIO Magazine Advertorial Series
The Three Pillars of Data Protection
The Case for A Specialized Security Platform
Building Competitive Advantage with Next-Generation Wireless Infrastructure
The New "Black Art." Learn why few companies do DNS well. Why fewer can scale it.
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
The Power of Telepresence
Virtualization in Action: Stories of real businesses that Virtualized their IT environments
The Power of Data Deduplication
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Google in Curious Alliance with Click-Fraud Detection Firm
Kernel Developers, Wall Street to Come Together
Ellison Strikes Bullish Tone At Shareholder Meeting
Yahoo Investor Proposal Unlikely to Push Microsoft
Ugandans Comment on 10 Years of ICT Regulation
Vodafone to Acquire 15 Percent More of Vodacom Group
Zoho Launches E-Mail App with Offline, Mobile Access
Mobile Penetration to Hit 95 Percent By 2013
UK Supermarket Uses IT to Cut Checkout Waits
Mobile Industry Split Over UMA Versus Femtocells
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
