TechWorld: According to security vendor F-Secure, the devastating security breach at RSA may have resulted from a single phishing e-mail. A recruiter in the human resources department reportedly received an e-mail that read,”I forward this file to you for review. Please open and view it.” The employee retrieved the message from a junk mail folder and opened the attached Excel spreadsheet, which was titled, “2011 Recruitment plan.xls.” The file contained Flash attack code that the hackers used to gain access to RSA’s networks.
RSA would not confirm that the e-mail found by F-Secure was the actual phishing e-mail used in the attack.