Spammers Turn to Oil Spill, Paul the Octopus and Phishing Live Chat

By Greg Day, EMEA Security CTO for Symantec | August 12, 2010 | Leave a Comment 

Greg Day, EMEA Security CTO for Symantec

Over nine in ten of all email messages in July were spam. Meanwhile, phishers find a new target with interactive customer support services, according to Symantec’s August State of Spam and Phishing report.

The report found spammers changed focus from the World Cup and shifted back to current events like the oil spill and economy in July. While leveraging news headlines may be an old trick, fraudsters are always looking for new techniques to use in the hunt for users’ information. This month Symantec observed a phishing website spoofing an e-commerce brand’s live support website. The phishing site involved bogus chat sessions to help the page look more authentic, trying to give customers the impression that the phishing website was interactive.

The following trends are also all highlighted in the August 2010 report:

  • The ICC 2011 Cricket World Cup begins on February 17, 2011, and phishing sites promoting the tournament have already been observed.
  • Russia recently has been suffering from heat waves which also caused severe wildfires. Russian spammers took this opportunity to send spam promoting air-conditioners.
  • Paul the octopus has gained international fame as it correctly predicted the winner of Germany’s games at 2010 FIFA World Cup as well as the final. Spammers leveraged this “brand” and sent spam promoting his fortune telling advice.
  • Blank subject lines were the top spam subject line for the second month in a row, suggesting that spammers are finding that users respond to such messages

The full report can be found here:

http://www.symantec.com/content/en/us/enterprise/other_resources/b-state_of_spam_and_phishing_report_08-2010.en-us.pdf

Paul

World Cup 2010 spam sees nine fold increase on Germany 2006

By admin | July 9, 2010 | Leave a Comment 

admin

Vuvuzelas weren’t the only annoyance during this World Cup. Symantec’s July State of Spam and Phishing report reveals that the volume of messages with World Cup keywords in the subject line is more than nine times higher during this tournament compared to that in 2006. Not only this but there’s also been a substantial increase in gaming sites and betting brands that have been ‘spoofed’ to capitalise on the popularity of the World Cup.

The top 10 subject lines matching news headlines recently are:

  1. FIFA World Cup South Africa… bad news
  2. World Cup: Uruguay Beats South Korea 2-1
  3. Germany beats England 4-1 in World Cup
  4. ONGOING FIFA WORLD CUP LOTTERY SOUTH AFRICA 2010.
  5. World Cup: Germany Defeats England 4-1
  6. SOUTH AFRICAN WORLD CUP 2010.
  7. Oil spill teams keep wary eye on storm in Gulf
  8. World Cup: Argentina Beats Mexico 3-1
  9. Ghana beat US, reach first World Cup quarter-final
  10. World leaders slam North Korea, Iran

The following trends are also all highlighted in the July 2010 report:

  • Fraudulent gaming sites providing fake FIFA offers
  • Symantec analysts found that health-related online pharmacy image spam to be the be particularly difficult to curtail and dubbed Spamonster since despite being blocked by Symantec, it continues to show up in filters.
  • Symantec observed phishing websites spoofing Google’s social networking site Orkut. The phishing websites took advantage of the celebration of special occasions.
  • The top Subject line of the month was “Outlook Setup Notification.” Other top headlines include “Reset your Facebook password” and “Reset your Twitter password.”

Link to new report: State of Spam and Phishing

Shanghai to London – Spammers will be following the crowds

By Greg Day, EMEA Security CTO for Symantec | June 23, 2010 | Leave a Comment 

Greg Day, EMEA Security CTO for Symantec

Symantec’s security response team have found that Shanghai World Expo 2010 is the latest major world event to be hijacked by spammers. We’ve been monitoring several different variations of spam that uses World Expo keywords and email subjects to deliver their usual mix of fake promotions, products and services to unsuspecting web users.

With around 70 to 100 million visitors expected to turn up at the World Expo, it’s no surprise that spammers are attempting to take advantage of it. We saw the same thing with Vancouver Olympics, and are observing it right now with the World Cup, and the ticket. And as ticket registration for London 2012 has already begun, the UK could become the next prime target for these scams. To help you avoid the scammers, we’ve put together the following tips.

Do’s

  • Ensure when signing up to receive mail, that you verify what additional items you are opting into at the same time and de-select the ones you do not want to receive.
  • Unsubscribe from legitimate mailings that you no longer want to receive and be selective about the websites that you register your e-mail address on.
  • Avoid clicking on suspicious links in e-mail or IM messages. These may be links to spoofed websites. We suggest typing web addresses directly in to the browser rather than relying upon links within your messages.
  • You must also make sure you delete any spam you receive. It is worthwhile considering a reputable antispam solution to handle your filtering, such as Symantec’s Brightmail messaging security family of solutions.

Don’ts

  • Do not open unknown e-mail attachments or spam messages. These attachments are what could potentially infect your computer.
  • Do not fill out forms with any personal or financial information or passwords. Reputable companies are unlikely to ask for your personal details via e-mail. If you are really unsure, get in touch with the company in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window and find out.
  • Never reply to spam as this could simply result in more spam.

 
Photo by Flickr user gustible, licensed under CC BY 2.0.

Phish and chips: Fast food junkies and British students targeted by scammers

By dominic_cook | May 13, 2010 | Leave a Comment 

dominic_cook

Spam-PhishingSymantec’s May State of Spam and Phishing report has identified an overall increase of 33% in phishing attacks in April compared to March. This included attacks on a major fast food brand, in which spam mails requested customer answers for a counterfeit satisfaction survey.

UK students came under attack with scammers phishing a UK government website and asking students for verification in order to process student loans, which involved the submission of bank details and account passwords.

Also this month, Symantec has noted a continued trend in dotted quad spam, which directs targets to a numbered IP address rather than a text URL. The volume more than tripled in April, compared to March. Spammers also appear to be increasing their delivery rate by combining this tactic with redirects, in order to bypass filters.

Other trends highlighted in the May 2010 report are:

• The top Subject line of the month, “Amazon.com Deal of the Day”, was used in an online pharmacy attack utilizing dotted quad URLs
• The EMEA region continues to expand its spam market share as the region sent 45.2 percent of worldwide spam in April. EMEA has grown its spam share over the last six months.

Dominic Cook

Spammers thrive on consumers’ economic insecurities

By admin | April 9, 2010 | Leave a Comment 

admin

Spam Phishing

Symantec’s April State of Spam and Phishing report highlights close ties between economic developments and malicious activity online

Mining the archives of its Global Intelligence Network, Symantec found the key spam headlines utilised over the course of the recession have closely mirrored the economic situation of its time – keeping spammers busy adapting to the frequently changing financial situation. Examples include:

  • October 2007 : Spammers Feed Off Housing Crisis
  • January 2008 : As Oil Prices Hike, Spammers Strike
  • February 2008 : Rising gas prices lead spammers to bio-fuel
  • June 2008 : Economic Climate Helps Fuel Spam Climate
  • August 2008 : Gas prices and foreclosures remain a focus
  • September 2008 : Job Seekers: Beware of Bogus Recruiting Ads bearing Viruses
  • November 2008: Economic bailout package & FDIC guarantee get the attention of some spammers
  • January 2009: Spammers Use the Recession to Enter Your Inbox
  • March 2009: Economic woes bring good tidings for spammers
  • April 2009: Spammers Rethink Their Mortgage Strategy
  • March 2010: Job offer spam signal an upturn in the economy

    •  

    When we looked at the top ten subject lines containing economic keywords, we can see that spammers tend to have an optimistic view of the economy with job offer spam among their top subject lines for the month. Examples of subject lines to be on the lookout for include ‘Get the Job fast this one’, ‘Finance Manager vacancy’ and ‘FW: Global job vacancy’.

    Monitoring the topics used by spammers offers us a unique insight into the changing concerns of consumers over the course of the recession. Criminals take advantage of peoples’ widespread concerns by exploiting them for financial gain.

    Amanda Grady

    And the Academy Award for the most dangerous search term goes to…

    By abigail_lovell | March 10, 2010 | Leave a Comment 

    abigail_lovell

    The team at Norton have been busy digging through the gossip since Sunday’s glamorous Oscar ceremony. They weren’t just looking for juicy rumours though; they’ve been looking for malware around the Academy Awards.

    Cybercriminals often take advantage of public interest in both individual celebrities and world entertainment events, so it is no surprise that when the two combine, crooks get busy infecting websites. Norton found that around 50% of Oscar related internet search results lead to “poisoned” sites.

     Some of the most dangerous search terms (and the percentage of infected results) include:

    • “Oscar 2010 Winners” – 60% infected
    • “Music By Prudence” – 58% infected
    • “Kathryn Bigelow height” – 48% infected
    • “Sandra bullock Meryl Streep kiss” – 43% infected

    Criminals predict public curiosity and infect pages that contain key words with malware. When a victim clicks through on links from search engines they inadvertently end up with their computer infected with a virus or inundated with pop-ups for fake, and in some cases dangerous, “anti-virus software.”
     
    When searching for anything online, Oscar-related or not, it is important to be on guard. Make sure you have legitimate antivirus software that includes all the latest updates, and if you don’t, make sure you buy software from a reputable source.
     
    Abigail Lovell

    Photo by Flickr user Zadi Diaz, licensed under CC BY 2.0.

    Adult phishing scams go social

    By Greg Day, EMEA Security CTO for Symantec | February 15, 2010 | Leave a Comment 

    Greg Day, EMEA Security CTO for Symantec

    Symantec’s January State of Spam and Phishing report has highlighted that an astounding 92 percent of adult phishing scams are now taking place on social networking sites. The report has also highlighted a new trend in adult oriented phishing which tempts users to enter personal credentials in return for free pornography. Once the site has this data, users are redirected to a pornographic website that then leads to a fake antivirus website containing malicious code.

    The report also showed a high volume of Haiti related spam and phishing in January 2010 as spammers used the tragic event for their benefit. Unsurprisingly, Valentines related spam was also high in January, however it failed to match the levels of seasonal spam seen in the run up to Christmas.

    Both scam and phishing categories doubled as in percentage of all spam in January 2010 compared to December 2009. With 419-Nigerian spam – whereby scammers request users host large sums of money while they move country with the promise of substantial returns – becoming more prevalent again. This accounted for 21 percent of all spam, which is the highest level recorded since the inception of this report.

    Link to new report – State of Spam and Phishing

    Phishing fraudsters target global companies for an estimated €3 million

    By dominic_cook | February 4, 2010 | Leave a Comment 

    dominic_cook

    The BBC has posted a story about a major phishing scam which has targeted the global carbon market. An estimated 250,000 permits worth around €3 million have been stolen this week forcing emissions trading registries in several EU countries to close on Tuesday.

    Up until now phishing scams have been more commonly associated with consumers but criminals are increasingly turning to the private sector.

    Businesses need to get serious about training staff on the risks of phishing attacks. There is a natural tendency for workers to click without thinking when using a work computer and this scam has brought home the very real risks.

    Dominic Cook

    Phishing For The President

    By Guy Bunker | January 20, 2009 | Leave a Comment 

    Guy Bunker

    So today the US gets a new President – but I guess you know that! However, there has also been an increase in phishing around the event. Especially trying to sensationalize the news by indicating that Obama might not take up his post or similar. Remember, the sole goal of the phisher is to pique your interest and get you to click on a link – and then infect you with something to steal your confidential information. So, if you receive email, tweets, instant messenger alerts surrounding the president elect then think twice before clicking on them.

    I’m Rich…

    By Guy Bunker | June 2, 2008 | 1 Comment 

    Guy Bunker

    … OK, so there is a few flaw in the plan, namely that I need to reply to someone in Singapore who has discovered some dormant investment accounts and I can get 25% if I help them get at the money. All sounds too familiar? Yes, it is that old phishing scam that we know and love however the twist here is that the letter arrived to my home address – it’s the same words as you would find in the ‘traditional’ email variety, just printed out and put in an envelope.

    I wonder how many people will fall for this version… none I hope… and in the mean time it will cost the scammers the price of printing and posting – with luck they will be out of business shortly.

     

    Next Page »