

New spear-phishing attack on Facebook accounts - blurpin
http://www.forbes.com/sites/davidewalt/2012/08/29/facebook-spam-email-spear-phishing/

======
lutusp
There's a more common version of this attack, one that many people volunteer
for -- the multiple-recipient e-mail.

The worst kind of e-mail is one that has more than one visible recipient
address. If a system has been compromised, and the attacker can get his hands
on multiple-recipient e-mails, he can use them as the basis for a phishing
campaign in which he pretends to be one of the other recipients -- i.e. a
"friend" of the recipient.

The solution is to _never send an e-mail with more than one visible
recipient_. As it turns out, this is easier said than done -- people just
don't understand why multiple-recipient e-mails are dangerous. They also don't
understand that the remedy is simple -- just put the list of recipients in the
BCC (blind carbon copy) field of the e-mail client program, not the CC (carbon
copy) field. The former avoids disclosing the addresses of all the recipients
in each copy of the message.

More details: <http://arachnoid.com/opinion/help_the_crooks.html>
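
The CC versus BCC difference described in the comment above, as an added example that is not part of the original thread: `visible_recipients` lists the addresses any recipient of a message can read, and `build_bcc_message` keeps the recipient list in the SMTP envelope only. The function names and all addresses are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample: a message sent with every recipient in To/Cc.
CONSTRUCTED_CC_MESSAGE = (
    "From: sender@example.com\n"
    "To: Alice <alice@example.com>\n"
    "Cc: bob@example.com, Carol <carol@example.com>\n"
    "Subject: Lunch on Friday\n"
    "\n"
    "See you there.\n"
)


def visible_recipients(raw_message: str) -> list[str]:
    """Return every address exposed in the To and Cc headers of a message.

    Anyone holding one copy of the message (including whoever compromises
    a single recipient's mailbox) can read all of these.
    """
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _name, addr in getaddresses(fields) if addr]


def build_bcc_message(sender: str, recipients: list[str],
                      subject: str, body: str) -> tuple[EmailMessage, list[str]]:
    """Build a message whose headers disclose no recipient addresses.

    The recipient list is returned separately as the SMTP envelope, to be
    passed as to_addrs to smtplib.SMTP.send_message(). No Bcc header is
    written, so nothing depends on a relay stripping it.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender  # the only visible address is the sender's own
    msg["Subject"] = subject
    msg.set_content(body)
    return msg, list(recipients)


if __name__ == "__main__":
    print("CC copy exposes:", visible_recipients(CONSTRUCTED_CC_MESSAGE))
    blind, envelope = build_bcc_message(
        "sender@example.com",
        ["alice@example.com", "bob@example.com", "carol@example.com"],
        "Lunch on Friday", "See you there.")
    print("BCC copy exposes:", visible_recipients(blind.as_string()))
    print("Envelope recipients:", envelope)
```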

