News - Spear Phishing... Am I safe?
June 01, 2009 - Am I safe? .... that was the email that came over from one of our clients. The email contained only a link to a news story posted in the Boston Globe. Based on my brief glance at the URL and the words "theft_alarms_experts", I assumed it was yet another corporate horror story involving compromised credit card data. Much to my surprise, a new spin on a long-time threat was center stage: Monster.com had more than one million of its customers' email addresses stolen.
Oh, how crafty and dangerous these email scammers have become.
These email addresses could be targeted by phony "phishing" messages appearing to come from Monster. Because the recipients already had dealings with Monster, they would be more likely to follow the instructions in the messages. It's called "spear-phishing," the careful targeting of phishing messages to those most likely to be fooled by them. I like to refer to it as "shooting phish in a barrel".
Oh the humanity of it all.
The scammers didn't try to turn an immediate profit from the stolen email addresses. Rather, they used this information to carry out their real scam. The victims received messages that appeared to have come from Monster. Nothing unusual: they are customers of Monster and are used to receiving such emails. This is exactly the affinity the attacker is looking to exploit. The victims would then click on embedded links that install malicious software on their computers. One such program captured the users' passwords to online bank accounts; another locked vital files on the computer and demanded money in exchange for the key.
So, here I sat reading the threat and wondered how to answer our client's simply stated question: "Am I safe?" I share with you my reply:
If my crystal ball was working I would put it to use determining tonight’s Powerball numbers....
It is difficult to ever talk about future safety when it comes to network / Internet security. It truly requires continual monitoring and diligence. The TrustKeeper scans and our weekly monitoring are helping against attacks on our hardware and applications.
Unfortunately, the article you sent over describes a practice called phishing. It is difficult to stop with our current defensive strategy. All it requires is a scammer to create an email offer similar to your current email blasts and send it out to your existing distribution list. The offer tricks the reader into providing personal information (knowingly or unknowingly). Simply click on the wrong link and you may be installing malicious software capable of transmitting information such as your online banking passwords. This information is then used for identity theft and credit card fraud.
Scared? You should be. There should be great cause for concern.
Your company is a prime target for such activities for a couple of reasons. One, you have a recognizable brand. Two, you have an e-commerce presence and frequently offer email promotions.
Solution:
There may be no easy fix, but there are steps to prevent exposure to these scams.
- Try to keep legitimate email addresses off your website. Many phishers will use these perfectly valid email addresses as the “from” address in their scams. Fortunately, you currently do a good job of using web forms rather than posting email addresses on your sites.
- Protect your email lists!!!! It is one thing if a phisher is scamming a large list of addresses that are not tied directly to your customer base. It is a totally different scenario if they are able to get hold of your real customer email list. It would be like “shooting phish in a barrel”. Your very loyal customer base would think nothing of clicking on the incoming offer.
- Know your affiliate partners!!!! Last year we raised concern regarding your affiliate partner sites that were masking their identity and portraying themselves AS your company and NOT AS a partner. The concern was from a branding perspective. However, if we do not know who our real partners are, we can’t identify those setting up scam pages.
- Review web traffic stats. Look deep into the site referrers, not just the top 10 major players. It is here that you may find one or two referrers coming from suspicious sources. All it takes is one real link to your site left in a poorly constructed phishing email or scam landing page to provide you with a clue as to the activity.
- Educate your customers! You may not be able to prevent others from getting trapped, but you can certainly educate your current clients. eBay does a very good job of educating its customer base:
http://pages.ebay.com/help/confidence/spoof-email.html
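A concrete way to carry out the "review web traffic stats" and "know your affiliate partners" items above, as an added example that is not part of the original post or the client's environment: a Python script that parses web-server access-log lines in the common Apache/nginx "combined" format, tallies the host of every Referer header, and reports the hosts that are neither the company's own domains nor vetted affiliates, lowest volume first, because the one-off referrer left behind by a scam landing page never makes a top-10 report. It also flags two patterns worth a second look: an unknown host that embeds the brand name (the masking-affiliate or lookalike problem) and a bare IP address as referrer. The brand name, the allowlist and the log lines are all constructed for the example.

```python
"""Referrer review over a web-server access log.

Added example, not code from the original post.  The brand name, allowlist
and log lines below are constructed for illustration.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

BRAND = "examplebrand"  # constructed brand name

# Constructed allowlist: our own domains, affiliates we have verified, and the
# search engines that produce most legitimate referrals (otherwise they drown
# the report).  Subdomains of these entries are allowed too.
ALLOWLIST = {"examplebrand.example", "deals.affiliate-one.example", "google.com"}

# Constructed sample traffic, not a real log.
SAMPLE_LOG = """\
10.0.0.1 - - [01/Jun/2009:10:00:01 -0400] "GET /promo/spring HTTP/1.1" 200 5120 "http://www.google.com/search?q=examplebrand" "Mozilla/5.0"
10.0.0.2 - - [01/Jun/2009:10:00:05 -0400] "GET /promo/spring HTTP/1.1" 200 5120 "http://deals.affiliate-one.example/offer" "Mozilla/5.0"
10.0.0.3 - - [01/Jun/2009:10:01:17 -0400] "GET /login HTTP/1.1" 200 2048 "http://examplebrand-rewards.xyz.example/verify" "Mozilla/5.0"
10.0.0.4 - - [01/Jun/2009:10:02:44 -0400] "GET /promo/spring HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jun/2009:10:03:09 -0400] "GET /images/logo.png HTTP/1.1" 200 900 "http://203.0.113.77/~tmp/secure.html" "Mozilla/5.0"
10.0.0.6 - - [01/Jun/2009:10:05:00 -0400] "GET /promo/spring HTTP/1.1" 200 5120 "http://deals.affiliate-one.example/offer" "Mozilla/5.0"
10.0.0.7 - - [01/Jun/2009:10:06:30 -0400] "GET /promo/spring HTTP/1.1" 200 5120 "http://www.examplebrand.example/newsletter" "Mozilla/5.0"
"""


def parse_line(line):
    """Fields of one combined-format line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer):
    """Lowercased hostname from a Referer value; None when the header was absent ('-')."""
    if not referer or referer == "-":
        return None
    if "://" not in referer:          # tolerate a bare "host/path" value
        referer = "http://" + referer
    host = urlsplit(referer).hostname
    return host.lower() if host else None


def is_ip_literal(host):
    """True for a dotted-quad IPv4 host (throwaway scam pages are often served by bare IP)."""
    return re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host) is not None


def allowed(host, allowlist):
    """True if host equals, or is a subdomain of, an allowlist entry."""
    return any(host == d or host.endswith("." + d) for d in allowlist)


def referrer_report(log_text, brand, allowlist):
    """Return (counts, findings).

    counts   -- Counter of hits per Referer host (the usual top-N view).
    findings -- hosts outside the allowlist, each with its hit count and the
                reasons it deserves a look, sorted by hits ascending so the
                one-off referrers a top-10 report hides come first.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue                  # malformed line: skip it, don't abort the report
        host = referer_host(rec["referer"])
        if host:
            counts[host] += 1

    findings = []
    for host, hits in counts.items():
        if allowed(host, allowlist):
            continue
        reasons = ["not one of our domains and not a verified affiliate"]
        if brand.lower() in host:
            reasons.append("brand name inside an unknown host: possible lookalike or masking affiliate")
        if is_ip_literal(host):
            reasons.append("bare IP address as referrer")
        findings.append({"host": host, "hits": hits, "reasons": reasons})
    findings.sort(key=lambda f: (f["hits"], f["host"]))
    return counts, findings


if __name__ == "__main__":
    counts, findings = referrer_report(SAMPLE_LOG, BRAND, ALLOWLIST)
    print("Top referrers:")
    for host, hits in counts.most_common(10):
        print(f"  {hits:5d}  {host}")
    print("\nReferrers to investigate (lowest volume first):")
    for f in findings:
        print(f"  {f['hits']:5d}  {f['host']}  ({'; '.join(f['reasons'])})")
```

On the constructed sample the popular referrers (the search engine and the known affiliate) are silently accepted, and the report lists only the two single-hit hosts: the bare IP serving a "secure.html" page and the unknown host with the brand name in it. Run it over a real log by replacing SAMPLE_LOG with the file contents and maintaining the allowlist as part of the affiliate review, since an affiliate you have not verified shows up here until you add it.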