Now, several U.S. oil companies report being victimized by spear phishing. According to a report in The Christian Science Monitor:
"The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable 'bid data' detailing the quantity, value, and location of oil discoveries worldwide. . . . The data included e-mail passwords, messages, and other information tied to executives with access to proprietary exploration and discovery information."
And again, there are concerns that China was involved in the attack.
Spear phishing isn't a new tactic, but it is one that that is sophisticated and is increasingly targeting companies that do business globally. One concern is that spear phishing attacks slip by spam filters and are so specially targeted that it is sometimes hard to tell what is real and what is spam.
Another problem is that the e-mails don't necessarily have an .exe file, according to the FBI: "On occasion, the self-executing file has appeared as other file types, e.g., .zip', .jpeg', etc."