…Joshua Perrymon being the CEO of PacketFocus who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from "Bill Gates" in October of ‘09 – and “names” exactly which email security products and services failed to stop it.

The situation, according to an article published by DarkReading yesterday is:

“Perrymon sent his spoofed LinkedIn email -- which looked a lot like a real LinkedIn invite, except it spelled the social network "LinkedIN" in the "from" field of the message -- to a variety of users in different organizations who had agreed to participate in a test. The message read: "Bill Gates has indicated you are a fellow group member of Microsoft Security. I'd like to add you to my professional network on LinkedIn. - B. Gates."

He was able to get his spoofed message through to the recipients 100 percent of the time, and across a wide range of major email products and services in addition to the Microsoft and Cisco products, including users with GoDaddy's hosted email, Voltage, RackSpace/MailTrust hosted email, Webroot SaaS Email Security, Verizon Email Cloud Filtering with MessageLabs, a Linux and SpamAssassin configuration, SonicWall's Email Security appliance, LinuxMail with greylisting, Opera Mail, and Mozilla Thunderbird, according to a report that he will post online this week.”

A full report will be published on Perrymon’s site later this week.

In our book, this is insanity!  In a world where 87% of all email is spam, how have we not figured out a way to address these kinds of messages?  Why are email users still at the mercy of guessing machines?

Or, perhaps the better question is, why have we not adopted the technologies that do address these attacks?? More to come as this develops.