Are you being targeted?
I spent the last 2 days at an Information Security Seminar. There were a lot of great presentations on a variety of interesting topics. One of the topics that really got me thinking was spear-phishing. Spear-phishing is a phishing attack that is targeted. The e-mail typically appears to come from an organization you are affiliated with, and it includes enough personal information to make it seem legitimate. If you click on the link, you might even end up at their web site, but first you are going to take a detour to a site that will take control of your workstation. Spear-phishing attacks are often directed at executives, but DBAs could be a lucrative target. DBAs typically have administrative privileges on their workstations, which just makes the attack more effective. Once the attackers have control of your machine, chances are they have access to your database servers, especially if you are saving your credentials in Enterprise Manager or eXceed (and if you are, please go delete them right now!).
The best way to protect yourself from any kind of phishing attack is to not follow links embedded in e-mails, even if you are pretty sure the e-mail is legitimate. If you do feel compelled to follow a link, before you do so, place the cursor over the link and check the URL that appears at the bottom of the e-mail client very carefully. Is it really the web site you want to visit, or does the domain contain extra characters, as in http://special.offer.oracle.com.someserver.ru? In that example the link goes to someserver.ru, not oracle.com. Attackers typically use a legitimate e-mail as a template, so the message will look real. While I’m not aware of anyone targeting DBAs, I can see how easy it would be to send a fake TAR update. I don’t know about you, but I don’t remember the TAR numbers. I would totally fall for that one, or I would have until today. Now instead of clicking the link, I’m going to log in to Metalink and access it that way.
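The hover check described above can also be automated. The following is an added example, not code from the original post: it pulls every link out of an HTML message body and flags hosts where a trusted domain appears in the name but is not the end of it. The `TRUSTED` set, the function and class names, and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"oracle.com"}  # assumption: the domains you really deal with


def classify_host(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Trusted only when the trusted domain is the END of the host name.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # The trusted name shows up as labels further left: another domain owns it.
    if any("." + d + "." in "." + host + "." for d in trusted):
        return "lookalike"
    return "unknown"


class LinkAudit(HTMLParser):
    """Collect (visible text, href, verdict) for each <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.links.append((text, self._href, classify_host(self._href)))
            self._href = None


def audit(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    return parser.links

# Constructed sample body; the first href is the example URL from the post.
SAMPLE = ('<a href="http://special.offer.oracle.com.someserver.ru/">TAR update</a>'
          ' <a href="https://www.oracle.com/">Oracle</a>')
```

Calling `audit(SAMPLE)` returns one tuple per link, with the first marked `lookalike` and the second `trusted`. An `unknown` verdict means only that the host is unrelated to the trusted list, not that it is safe.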
For more information about spear-phishing, and a scam that appeared to be an e-mail from tax court, check out this link: http://blogs.zdnet.com/security/?p=1032
