Spammers Turn to Oil Spill, Paul the Octopus and Phishing Live Chat

Over nine in ten of all email messages in July were spam. Meanwhile, phishers find a new target with interactive customer support services, according to Symantec’s August State of Spam and Phishing report.
The report found spammers changed focus from the World Cup and shifted back to current events like the oil spill and economy in July. While leveraging news headlines may be an old trick, fraudsters are always looking for new techniques to use in the hunt for users’ information. This month Symantec observed a phishing website spoofing an e-commerce brand’s live support website. The phishing site involved bogus chat sessions to help the page look more authentic, trying to give customers the impression that the phishing website was interactive.
The following trends are also all highlighted in the August 2010 report:
- The ICC 2011 Cricket World Cup begins on February 17, 2011, and phishing sites promoting the tournament have already been observed.
- Russia recently has been suffering from heat waves which also caused severe wildfires. Russian spammers took this opportunity to send spam promoting air-conditioners.
- Paul the octopus has gained international fame as it correctly predicted the winner of Germany’s games at the 2010 FIFA World Cup as well as the final. Spammers leveraged this “brand” and sent spam promoting his fortune telling advice.
- Blank subject lines were the top spam subject line for the second month in a row, suggesting that spammers are finding that users respond to such messages.
The full report can be found here:

World Cup 2010 spam sees nine fold increase on Germany 2006

Vuvuzelas weren’t the only annoyance during this World Cup. Symantec’s July State of Spam and Phishing report reveals that the volume of messages with World Cup keywords in the subject line is more than nine times higher during this tournament compared to that in 2006. Not only this but there’s also been a substantial increase in gaming sites and betting brands that have been ‘spoofed’ to capitalise on the popularity of the World Cup.
The top 10 subject lines matching news headlines recently are:
- FIFA World Cup South Africa… bad news
- World Cup: Uruguay Beats South Korea 2-1
- Germany beats England 4-1 in World Cup
- ONGOING FIFA WORLD CUP LOTTERY SOUTH AFRICA 2010.
- World Cup: Germany Defeats England 4-1
- SOUTH AFRICAN WORLD CUP 2010.
- Oil spill teams keep wary eye on storm in Gulf
- World Cup: Argentina Beats Mexico 3-1
- Ghana beat US, reach first World Cup quarter-final
- World leaders slam North Korea, Iran
The following trends are also all highlighted in the July 2010 report:
- Fraudulent gaming sites providing fake FIFA offers
- Symantec analysts found health-related online pharmacy image spam to be particularly difficult to curtail and dubbed it Spamonster since, despite being blocked by Symantec, it continues to show up in filters.
- Symantec observed phishing websites spoofing Google’s social networking site Orkut. The phishing websites took advantage of the celebration of special occasions.
- The top Subject line of the month was “Outlook Setup Notification.” Other top headlines include “Reset your Facebook password” and “Reset your Twitter password.”
Link to new report: State of Spam and Phishing
Shanghai to London – Spammers will be following the crowds

Symantec’s security response team have found that Shanghai World Expo 2010 is the latest major world event to be hijacked by spammers. We’ve been monitoring several different variations of spam that use World Expo keywords and email subjects to deliver their usual mix of fake promotions, products and services to unsuspecting web users.
With around 70 to 100 million visitors expected to turn up at the World Expo, it’s no surprise that spammers are attempting to take advantage of it. We saw the same thing with the Vancouver Olympics, and are observing it right now with the World Cup. And as ticket registration for London 2012 has already begun, the UK could become the next prime target for these scams. To help you avoid the scammers, we’ve put together the following tips.
Do’s
- Ensure when signing up to receive mail, that you verify what additional items you are opting into at the same time and de-select the ones you do not want to receive.
- Unsubscribe from legitimate mailings that you no longer want to receive and be selective about the websites that you register your e-mail address on.
- Avoid clicking on suspicious links in e-mail or IM messages. These may be links to spoofed websites. We suggest typing web addresses directly into the browser rather than relying upon links within your messages.
- You must also make sure you delete any spam you receive. It is worthwhile considering a reputable antispam solution to handle your filtering, such as Symantec’s Brightmail messaging security family of solutions.
Don’ts
- Do not open unknown e-mail attachments or spam messages. These attachments are what could potentially infect your computer.
- Do not fill out forms with any personal or financial information or passwords. Reputable companies are unlikely to ask for your personal details via e-mail. If you are really unsure, get in touch with the company in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window and find out.
- Never reply to spam as this could simply result in more spam.
Photo by Flickr user gustible, licensed under CC BY 2.0.
Phish and chips: Fast food junkies and British students targeted by scammers

Symantec’s May State of Spam and Phishing report has identified an overall increase of 33% in phishing attacks in April compared to March. This included attacks on a major fast food brand, in which spam mails requested customer answers for a counterfeit satisfaction survey.
UK students came under attack with scammers phishing a UK government website and asking students for verification in order to process student loans, which involved the submission of bank details and account passwords.
Also this month, Symantec has noted a continued trend in dotted quad spam, which directs targets to a numbered IP address rather than a text URL. The volume more than tripled in April, compared to March. Spammers also appear to be increasing their delivery rate by combining this tactic with redirects, in order to bypass filters.
Other trends highlighted in the May 2010 report are:
• The top Subject line of the month, “Amazon.com Deal of the Day”, was used in an online pharmacy attack utilizing dotted quad URLs
• The EMEA region continues to expand its spam market share as the region sent 45.2 percent of worldwide spam in April. EMEA has grown its spam share over the last six months.
Dominic Cook
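A defender-side check for the dotted quad pattern described in the post above, including the case where the numbered address is hidden behind a redirect link. This is an added example, not code from the Symantec report; the sample message, the `u` redirect parameter and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

def ip_host(url):
    """Return the IPv4 address if the URL's host is a dotted quad, else None."""
    try:
        host = urlsplit(url).hostname  # drops any userinfo and port
        return str(ipaddress.IPv4Address(host)) if host else None
    except ValueError:  # malformed URL or host is not a dotted quad
        return None

def find_dotted_quad_urls(body, max_depth=3):
    """Return (url, ip, how) for links that point at a raw IPv4 address,
    directly or through a URL carried in a query parameter (a redirect)."""
    hits = []

    def walk(url, how, depth):
        ip = ip_host(url)
        if ip:
            hits.append((url, ip, how))
        if depth >= max_depth:
            return
        try:
            query = urlsplit(url).query
        except ValueError:
            return
        # parse_qsl percent-decodes values, exposing an encoded target URL
        for _, value in parse_qsl(query):
            if value.lower().startswith(("http://", "https://")):
                walk(value, "redirect-parameter", depth + 1)

    for match in URL_RE.finditer(body):
        walk(match.group(0).rstrip(".,;)"), "direct", 0)
    return hits

# Constructed sample message body (not a real spam sample).
SAMPLE = """Subject: Amazon.com Deal of the Day
Order now: http://192.0.2.15/deal
Or here: http://redirect.example/go?u=http%3A%2F%2F198.51.100.9%3A8080%2Frx
Unsubscribe: https://www.example.com/unsub?id=42
"""

if __name__ == "__main__":
    for url, ip, how in find_dotted_quad_urls(SAMPLE):
        print(f"{how:20} {ip:15} {url}")
```

A hit is a signal to weigh with other message features rather than a verdict, since some legitimate internal tools are also reached by IP address.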
Spammers thrive on consumers’ economic insecurities


Symantec’s April State of Spam and Phishing report highlights close ties between economic developments and malicious activity online
Mining the archives of its Global Intelligence Network, Symantec found the key spam headlines utilised over the course of the recession have closely mirrored the economic situation of its time – keeping spammers busy adapting to the frequently changing financial situation. Examples include:
When we looked at the top ten subject lines containing economic keywords, we can see that spammers tend to have an optimistic view of the economy with job offer spam among their top subject lines for the month. Examples of subject lines to be on the lookout for include ‘Get the Job fast this one’, ‘Finance Manager vacancy’ and ‘FW: Global job vacancy’.
Monitoring the topics used by spammers offers us a unique insight into the changing concerns of consumers over the course of the recession. Criminals take advantage of people’s widespread concerns by exploiting them for financial gain.
Amanda Grady
2010 Net Threat

With the 2010 World Cup only a little under three months away, football fans will be starting to wet their lips with excitement and wishing their teams and favourite players well.
But while it seems that David Beckham is increasingly likely to miss the World Cup due to injury, the cybercrime underworld are certain to be gathering their cohorts to spam and scam the unwary out of their hard earned cash. This is not anything new of course; cybercriminals regularly hide behind major news events like disasters and sporting events to spread their malicious activities. Whether it be phishing, spam, malicious downloads, poisoned searches, or anything else, they are trying to get hold of one thing – money!
Symantec recently launched a new website – www.2010netthreat.com – which will host up-to-date data and information specific to security threats and scams around the World Cup in South Africa. Now we’ve developed a new video in the popular series ‘Symantec Guide to Scary Internet Stuff’ called Net Threats which seeks to educate users about the potential scams and threats cybercriminals use to hide behind major sporting events like the World Cup. Please take a look and tell us what you think.
http://www.youtube.com/watch?v=9TwEo2-APlA
Dominic Cook
Spammers attempt Grand Theft from Auto Recall

Symantec’s March State of Spam and Phishing report has found that spammers are using recent car recalls as a premise to deliver spam messages and ‘phish’ personal details. Also this month, Symantec has noted a continued trend towards exploiting natural disasters with a high volume of spam and phishing linked to the Haiti and Chile earthquakes. Overall, phishing attacks increased by 16 per cent in March compared to February.
There have been several global product recalls from multiple car manufacturers recently which spammers have sought to exploit. The report uncovers examples where spammers try to trick the user to give up personal information by pretending to be a legal industry representative.
The world’s media have extensively covered the recent recalls from automotive manufacturers in the news. The interest from the public has been noticed by spammers who are tailoring phishing emails to benefit from the fear of car defects leading to accidents. By offering “free private case evaluation” and taking advantage of “sudden acceleration danger” spammers are instead collecting personal details for malicious use.
The following trends are also all highlighted in the March 2010 report:
- Spam from .cn URLs on the decline, .ru is on the rise
- A 12 per cent rise in phishing from non-English sites, attacks on Italian and French banks
- Online auction marketing tools under attack
Link to new report: State of Spam and Phishing http://eval.symantec.com/mktginfo/enterprise/other_resources/b-state_of_spam_and_phishing_report_03-2010.en-us.pdf
Amanda Grady
BBC reveals another Haiti scam

It is certainly powerful stuff to see on national TV the perpetrator of a diabolical scam running in terror when confronted by a BBC camera crew – http://news.bbc.co.uk/1/hi/uk/8517243.stm after they traced him to Spain.
Allegedly, according to the BBC, this ‘gentleman’ was involved in yet another of the numerous scams and hoaxes trying to get well-intentioned people to give their hard earned money to what they think is a worthy charity – in this case to support the needy in Haiti following the disastrous earthquake last month – but actually it is going to criminals.
But as we have warned repeatedly, this sort of scam is all too common. Whether it be the death of a well-known celebrity, like Michael Jackson last year; or rumours of the death or injury of a star like Johnny Depp earlier this year; or indeed the outpouring of support when the poorest in the world suffer disasters like in Haiti; criminals are all too quick to capitalise and scam or con the unwary.
Indeed just this week, in the latest Symantec Spam and Phishing Report, we highlighted that spammers were using the Haiti disaster to scam people within 24 hours of the news breaking. They started with ‘419 type spam’, asking users to donate money to a charity. When users send their donation, the money disappears into an offshore bank account.
Then we saw spammers taking advantage of this tragedy to deliver malware. They sent out links to apparent video footage regarding the tragedy to lure people in, but when the user clicks on the link to view the video, a Trojan is downloaded instead.
So remember, when a major news story breaks, be aware that spammers and cybercriminals are also watching and looking to exploit the crisis to their own ends. And remember:
- Avoid clicking on suspicious links in email or instant messages as these may be links to spoofed, or fake, Web sites.
- Never fill out forms in messages that ask for personal or financial information or passwords. A reputable charitable organization is unlikely to ask for your personal details via email. When in doubt, contact the organization in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
Dominic Cook
Adult phishing scams go social

Symantec’s January State of Spam and Phishing report has highlighted that an astounding 92 percent of adult phishing scams are now taking place on social networking sites. The report has also highlighted a new trend in adult oriented phishing which tempts users to enter personal credentials in return for free pornography. Once the site has this data, users are redirected to a pornographic website that then leads to a fake antivirus website containing malicious code.
The report also showed a high volume of Haiti related spam and phishing in January 2010 as spammers used the tragic event for their benefit. Unsurprisingly, Valentine’s-related spam was also high in January; however, it failed to match the levels of seasonal spam seen in the run up to Christmas.
Both scam and phishing categories doubled as a percentage of all spam in January 2010 compared to December 2009, with 419-Nigerian spam – whereby scammers request users host large sums of money while they move country with the promise of substantial returns – becoming more prevalent again. This accounted for 21 percent of all spam, which is the highest level recorded since the inception of this report.
Link to new report – State of Spam and Phishing
Vancouver Winter Olympic Games get underway

Cybercriminals can’t wait for the 2010 Vancouver Winter Olympic Games to get underway tonight. No, spamming, hacking and creating botnets haven’t become an Olympic sport, but these malicious attackers are greatly anticipating the millions of followers who will be going online to watch events, read news and obtain updates on the Games.
Key sporting events such as the Vancouver Olympics and the 2010 Football World Cup provide the perfect scenario to dupe victims around the world with Olympics-related spam emails, phishing attacks and other nasty Web tricks – with the sole purpose being to steal personal information and identities. Symantec anticipates seeing a rise in cybercrime activity during the 2010 Winter Games, as is common surrounding high-profile events.
During the 2008 Beijing Olympic Games, spammers enticed users with newsworthy subject lines to open email messages prompting them to click on links hosting malware.
A few of those subject lines included:
• Are Chinese gymnasts too young for Olympics?
• Beijing Olympics cancelled
• Beijing postpones Olympics due to McCain-Dalai Lama meeting
To avoid being a victim during the 2010 Games, Symantec urges you to follow these best practices:
• Purchasing Official Olympic Tickets – When buying tickets online, even from an auction site, be sure it is a reputable online source. For instance, Vancouver2010.com is offering fan-to-fan tickets on a first come, first-served basis.
• If it sounds too good to be true, it probably is – Many cybercriminals use extravagant promises such as “exclusive” Olympic pins and merchandise to lure victims into clicking through to malicious sites and divulging personal information.
• Use caution when clicking links from within emails or IM messages – Links can contain viruses or Trojans, or lead users to infected websites. Never click a link in a suspicious email. Instead, make it a habit to type the full website URL, such as www.YouTube.com, into your Web browser.
• Never fill out forms in messages – Legitimate 2010 Winter Games organizers/sponsors will never ask for personal, financial or password information through an email message.
• Update your computer – Have a hacker-free Olympic experience by ensuring that all personal and work computers are protected with up-to-date antivirus software and the latest operating system and application patches.
Dominic Cook





