Using information apparently found on Linked-in, Facebook or other websites where detailed personal information can be found, scammers are sending highly personalized and convincing phishing emails to senior company executives, saying for instance, that there has been a Better Business Bureau or Equal Employment Opportunity Commission complaint (along with a case number) filed against their company, and asking the executive to respond to it. Once they do by clicking on the convenient link provided, the executive's computer is immediately compromised with software that logs all activity and send the information to the scammer. More than one executive has been torched.
Anyway, Part 2 of the San Jose Mercury News series on hacking is now available. The article starts off with the stats that 50% of the IRS employees who received phone calls in an audit test earlier this year, purportedly from the computer help desk, requesting their user names and suggesting they adopt a new password, provided the requested information. This was up from the 35% who did so in a similar test in 2004, and down from the 71% who did so in 2001.