Spear Phishing

Here’s an interesting new phishing scam:

Rather than posing as a bank or other online business, spear phishers send e-mails to employees at a company or government agency that appear to come from a powerful person within the organization, several security experts said…

…Unlike basic phishing attacks, which are sent out indiscriminately, spear phishers target only one organization at a time. Once they trick employees into giving up passwords, they can install Trojan horse programs or other malicious software to ferret out corporate or government secrets.

This was interesting as well; it raises the question of what constitutes an order from a commanding officer:

At the U.S. Military Academy in West Point, N.Y., several internal tests found that cadets were all too willing to give sensitive information to an attacker posing as a high-ranking officer, said Aaron Ferguson, a visiting faculty member there.

“It’s the ‘colonel effect.’ Anyone with the rank of colonel or higher, you execute the order first and ask questions later,” he said.

But if, on the Internet, no one knows you’re a dog, how can you tell that someone is a colonel, let alone your colonel? There’s a long tradition of written orders having to be obeyed, but have emails acquired that attribute by default? If so, it may need to be rethought, given the nature of the technology.
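The question of how a recipient can tell whether a message really comes from "their colonel" is, on the receiving side, a header-inspection problem. The following is an added example, not code from the original post or from the reporting it quotes: a small mail-gateway check that flags the signatures of the attack described above (an internal authority's name on an external address, a Reply-To that diverts the conversation, an internal-looking sender that carries no authentication result, and an urgent request for credentials). The organisation domain `example.mil`, the roster of senior names, and the three sample messages are all constructed for the example.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Assumed organisation domain and a hypothetical roster of senior people whose
# names are worth impersonating. In practice this comes from the directory.
ORG_DOMAIN = "example.mil"
EXECUTIVE_NAMES = {"jane doe", "colonel jane doe"}

CREDENTIAL_WORDS = re.compile(r"\b(password|credentials|login)\b", re.I)
URGENCY_WORDS = re.compile(r"\b(immediately|urgent|asap|at once)\b", re.I)


def _domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw_message: str) -> list:
    """Return a list of finding names for one RFC 5322 message (empty = clean)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    display, addr = parseaddr(str(msg.get("From", "")))
    domain = _domain_of(addr)
    internal = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

    # 1. Sender is outside the organisation at all.
    if not internal:
        findings.append("external_sender")

    # 2. A senior person's name in the display name, but the address is external.
    #    Mail clients often show only the display name, which is what the attack relies on.
    norm_display = re.sub(r"[^a-z ]", "", display.lower()).strip()
    if not internal and any(name in norm_display for name in EXECUTIVE_NAMES):
        findings.append("executive_display_name_from_external_address")

    # 3. Reply-To diverts answers to a different mailbox than the visible sender.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower() != addr.lower():
        findings.append("reply_to_mismatch")

    # 4. An internal-domain sender with no SPF/DKIM pass recorded by our own gateway.
    #    Only trust Authentication-Results stamped by your own boundary MTA; strip
    #    any copies arriving from outside before this check runs.
    auth = str(msg.get("Authentication-Results", ""))
    if internal and "dkim=pass" not in auth and "spf=pass" not in auth:
        findings.append("internal_domain_without_authentication")

    # 5. Body asks for credentials and applies time pressure ("execute first, ask later").
    body_part = msg.get_body(preferencelist=("plain",))
    text = body_part.get_content() if body_part is not None else ""
    if CREDENTIAL_WORDS.search(text) and URGENCY_WORDS.search(text):
        findings.append("urgent_credential_request")

    return findings


# Constructed sample messages (not real traffic).
SAMPLE_IMPERSONATION = """\
From: "Col. Jane Doe" <jane.doe.cmd@mail-example.com>
To: cadet@example.mil
Reply-To: jane.doe.cmd@mail-example.com
Subject: Need your login
Authentication-Results: mx.example.mil; spf=pass smtp.mailfrom=mail-example.com

Cadet, send me your password immediately, I need to check the roster.
"""

SAMPLE_LEGIT = """\
From: "Col. Jane Doe" <jane.doe@example.mil>
To: cadet@example.mil
Subject: Schedule
Authentication-Results: mx.example.mil; dkim=pass header.d=example.mil; spf=pass

Please confirm you can attend the 0900 briefing.
"""

SAMPLE_SPOOFED_INTERNAL = """\
From: "Col. Jane Doe" <jane.doe@example.mil>
To: cadet@example.mil
Reply-To: doe.replies@mail-example.com
Subject: Urgent

Reply with your login at once.
"""

if __name__ == "__main__":
    for label, sample in [("impersonation", SAMPLE_IMPERSONATION),
                          ("legit", SAMPLE_LEGIT),
                          ("spoofed_internal", SAMPLE_SPOOFED_INTERNAL)]:
        print(label, analyze(sample))
```

These are heuristics for triage, not proof of identity; they work best behind a boundary that enforces DMARC on the organisation's own domain, so that an internal-looking From header without a signature is rejected rather than merely flagged. The display-name check is the one that most directly answers the post's question: the name says "colonel", the address does not.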