Over nine in ten of all email messages in July were spam. Meanwhile, phishers find a new target with interactive customer support services, according to Symantec’s August State of Spam and Phishing report.
The report found spammers changed focus from the World Cup and shifted back to current events like the oil spill and economy in July. While leveraging news headlines may be an old trick, fraudsters are always looking for new techniques to use in the hunt for users’ information. This month Symantec observed a phishing website spoofing an e-commerce brand’s live support website. The phishing site involved bogus chat sessions to help the page look more authentic, trying to give customers the impression that the phishing website was interactive.
The following trends are also all highlighted in the August 2010 report:
- The ICC 2011 Cricket World Cup begins on February 17, 2011, and phishing sites promoting the tournament have already been observed.
- Russia recently has been suffering from heat waves which also caused severe wildfires. Russian spammers took this opportunity to send spam promoting air-conditioners.
- Paul the octopus has gained international fame as it correctly predicted the winner of Germany’s games at 2010 FIFA World Cup as well as the final. Spammers leveraged this “brand” and sent spam promoting his fortune telling advice.
- Blank subject lines were the top spam subject line for the second month in a row, suggesting that spammers are finding that users respond to such messages
The full report can be found here:
… What? A new browser-based threat has been created – just to show it can be done. However, rest assured, this will be used for real in the near future. It’s called Tabnapping… sort of like kidnapping, but with the tabs on your browser. The way it works is that you visit in infected site and when you navigate away from a tab, it changes the tab name and the content.
The social engineering at work here is that most people have multiple tabs in their browsers open at the same time – and they don’t really remember which is which (why would you?) so you click on the one you think you need (but it’s been tabnapped) and you reenter details… mistake! As for how easy is is… take a look at this page which shows how it works – then open another tab and wait 5 seconds and return to the old tab!
What to do? Well, the problem with these sorts of attacks is that they are tough to break as there are legitimate uses for the functionality used – think about auto-logout from online banking systems. So… the best way to combat it is to educate people as to the risk – send out an email today! (Of course, hopefully you will have anti-malware installed as well – which will help prevent you from going to dodgy sites etc…)
Symantec’s May State of Spam and Phishing report has identified an overall increase of 33% in phishing attacks in April compared to March. This included attacks on a major fast food brand, in which spam mails requested customer answers for a counterfeit satisfaction survey.
UK students came under attack with scammers phishing a UK government website and asking students for verification in order to process student loans, which involved the submission of bank details and account passwords.
Also this month, Symantec has noted a continued trend in dotted quad spam, which directs targets to a numbered IP address rather than a text URL. The volume more than tripled in April, compared to March. Spammers also appear to be increasing their delivery rate by combining this tactic with redirects, in order to bypass filters.
Other trends highlighted in the May 2010 report are:
• The top Subject line of the month, “Amazon.com Deal of the Day”, was used in an online pharmacy attack utilizing dotted quad URLs
• The EMEA region continues to expand its spam market share as the region sent 45.2 percent of worldwide spam in April. EMEA has grown its spam share over the last six months.
Football star David Beckham is the latest victim of a worrying scam by online fraudsters using the popular social networking phenomenon, Twitter, as a vehicle for spam advertising.
According to Candid Wueest, senior threat researcher at Symantec, the fraudsters create a fake Twitter account, often in the name of a celebrity, and then attempt to become followers of legitimate Twitter account holders.
“In this case, the false David – an online Chinese retailer – followed over a thousand accounts with a single common link – the account name contains the word ‘candid’.
“The credibility of the fake account is bolstered by other fraudulent accounts linking back to it and by cross-following legitimate Twitter accounts, which have been hacked,” he says.
Wueest confirms that this type of malicious activity is fast becoming common practice and adds that the rogue tweets often include short links pointing to infected websites.
“This proves that spammers are keeping abreast of new technologies. Twitter users are advised to carefully check out the details of all prospective followers and never to respond to ‘suspicious’ direct messages,” he says.
Peter G Rae
OK so I’ve worked for Symantec for quite a while now and I know that there are lots and lots of bad guys trying to fleece you and scam you, and I am fully prepared to accept I am as a result even more skeptical about any emails or calls I get. But I had a call last week from my credit card company which made me think.
It seems that my monthly statement was lost somehow and as a result I didn’t made a payment last month – now quite apart from the questionable customer service given this is the first time I’ve ever missed a payment, and it was just one month – I received a call from a call centre asking me to give them my bank account details so I could make the payment over the phone.
So if you got a similar call would you go ahead and give your details? They seemed to know who I was and had my account details and obviously my phone number….. But they seemed genuinely confused when I suggested that they might be scammers and how did I know they were from my credit card company at all? They simply couldn’t handle this line of questioning.
I even spoke to the ‘team leader’ and she just didn’t get it either!
So my advice is always, do not EVER respond to an un-solicited phone call or email asking for your bank details. ALWAYS question who it is who is contacting you and whether they are who they say they are. NEVER send or give your details to anyone until you have confirmed who they are. Be SKEPTICAL and yes a little PARANOID about any online or on the phone transactions because there are really bad people out there in the Underground Economy trying to scam and steal from you!
Oh and yes I did make my payment in the end, but I did it online via my banking site protected by the Norton 360 I run on my home PC. I’ll also be looking for a new credit card company who understand customer service and security!
Symantec’s April State of Spam and Phishing report highlights close ties between economic developments and malicious activity online
Mining the archives of its Global Intelligence Network, Symantec found the key spam headlines utilised over the course of the recession have closely mirrored the economic situation of its time – keeping spammers busy adapting to the frequently changing financial situation. Examples include:
When we looked at the top ten subject lines containing economic keywords, we can see that spammers tend to have an optimistic view of the economy with job offer spam among their top subject lines for the month. Examples of subject lines to be on the lookout for include ‘Get the Job fast this one’, ‘Finance Manager vacancy’ and ‘FW: Global job vacancy’.
Monitoring the topics used by spammers offers us a unique insight into the changing concerns of consumers over the course of the recession. Criminals take advantage of peoples’ widespread concerns by exploiting them for financial gain.
But while it seems that David Beckham is increasingly likely to miss the World Cup due to injury, the cybercrime underworld are certain to be gathering their cohorts to spam and scam the unwary out of their hard earned cash. This is not anything new of course; cybercriminals regularly hide behind major news events like disasters and sporting events to spread their malicious activities. Whether it be phishing, spam, malicious downloads, poisoned searches, or anything else, they are trying to get hold of one thing – money!
Symantec recently launched a new website – www.2010netthreat.com – which will host up-to-date data and information specific to security threats and scams around the world cup in South Africa. Now we’ve developed a new video in the popular series ‘Symantec Guide to Scary Internet Stuff’ called Net Threats which seeks to educate users to the potential scams and threats cybercriminals use to hide behind major sporting events like the world cup. Please take a look and tell us what you think?
Symantec’s March State of Spam and Phishing report has found that spammers are using recent car recalls as a premise to deliver spam messages and ‘phish’ personal details. Also this month, Symantec has noted a continued trend towards exploiting natural disasters with a high volume of spam and phishing linked to the Haiti and Chile earthquakes. Overall, phishing attacks increased by 16 per cent in March compared to February.
There have been several global product recalls from multiple car manufacturers recently which spammers have sought to exploit. The report uncovers examples where spammers try to trick the user to give up personal information by pretending to be a legal industry representative.
The world’s media have extensively covered the recent recalls from automotive manufacturers in the news. The interest from the public has been noticed by spammers who are tailoring phishing emails to benefit from the fear of car defects leading to accidents. By offering “free private case evaluation” and taking advantage of “sudden acceleration danger” spammers are instead collecting personal details for malicious use.
The following trends are also all highlighted in the March 2010 report:
- Spam from .cn URLs on the decline, .ru is on the rise
- A 12 per cent rise in phishing from non-English sites, attacks on Italian and French banks
- Online auction marketing tools under attack
Link to new report: State of Spam and Phishing http://eval.symantec.com/mktginfo/enterprise/other_resources/b-state_of_spam_and_phishing_report_03-2010.en-us.pdf
The team at Norton have been busy digging through the gossip since Sunday’s glamorous Oscar ceremony. They weren’t just looking for juicy rumours though; they’ve been looking for malware around the Academy Awards.
Cybercriminals often take advantage of public interest in both individual celebrities and world entertainment events, so it is no surprise that when the two combine, crooks get busy infecting websites. Norton found that around 50% of Oscar related internet search results lead to “poisoned” sites.
Some of the most dangerous search terms (and the percentage of infected results) include:
- “Oscar 2010 Winners” – 60% infected
- “Music By Prudence” – 58% infected
- “Kathryn Bigelow height” – 48% infected
- “Sandra bullock Meryl Streep kiss” – 43% infected
Criminals predict public curiosity and infect pages that contain key words with malware. When a victim clicks through on links from search engines they inadvertently end up with their computer infected with a virus or inundated with pop-ups for fake, and in some cases dangerous, “anti-virus software.”
When searching for anything online, Oscar-related or not, it is important to be on guard. Make sure you have legitimate antivirus software that includes all the latest updates, and if you don’t, make sure you buy software from a reputable source.
Two months into the New Year and we’re already starting to see a number of our 2010 cyber security predictions come true. At the start of the new decade, cybercriminals continue to be relentless in their pursuit of new and sophisticated attacks against consumers and enterprises.
Here are 10 serious facts about security that cannot be ignored in 2010:
- Cyber Attacks Hurt Businesses: 75 percent of enterprises have suffered a cyber attack in the past 12 months, losing an average of USD $2 million annually.
- Global Spam Shift: Asia Pacific and Japan and South America are taking spam share away from the traditional leaders of North America and EMEA.
- Malicious Activity Chart Topper: China is the top country for malicious activity, accounting for 25 percent of the global total.
- Credit Cards Are Number One Item for Sale: Credit Card information is the most commonly advertised item for sale on the underground economy, accounting for 18 percent of all goods and services.
- Banks Get Phished: 76 percent of brands used in phishing attacks in 2010 were in the financial sector.
- Out with Traditional Spam, in with Targeted Scams: The total number of scam and phishing messages came in at 21 percent of all spam, which is the highest level recorded since 2007.
- News Agenda Drives Attacks: The earthquake in Haiti sadly drove up the volume of scam and phishing messages as spammers used the tragic event for their benefit.
- Cybercriminals Follow the Masses: In Asia Pacific and Japan, the top web-based attack for Oct – Dec 2009 was related to the Microsoft® Internet Explorer® ADODB.Stream Object File Installation Weakness, which accounted for 41 percent of the total.
- Increasing Popularity of New Platforms will Drive New Attacks: Whilst an increase in iPad related search terms for SEO attacks and phishing attacks were observed during the Apple iPad launch.
- Cybercriminals After Information Rather than Infrastructures: Theft of intellectual property was reported as the top cyber loss for Singapore businesses.
Further details on the above statistics can be found in the below Symantec reports: