Spammers Turn to Oil Spill, Paul the Octopus and Phishing Live Chat

Over nine in ten of all email messages in July were spam. Meanwhile, phishers find a new target with interactive customer support services, according to Symantec’s August State of Spam and Phishing report.
The report found spammers changed focus from the World Cup and shifted back to current events like the oil spill and economy in July. While leveraging news headlines may be an old trick, fraudsters are always looking for new techniques to use in the hunt for users’ information. This month Symantec observed a phishing website spoofing an e-commerce brand’s live support website. The phishing site involved bogus chat sessions to help the page look more authentic, trying to give customers the impression that the phishing website was interactive.
The following trends are also all highlighted in the August 2010 report:
- The ICC 2011 Cricket World Cup begins on February 17, 2011, and phishing sites promoting the tournament have already been observed.
- Russia recently has been suffering from heat waves which also caused severe wildfires. Russian spammers took this opportunity to send spam promoting air-conditioners.
- Paul the octopus has gained international fame as it correctly predicted the winner of Germany’s games at the 2010 FIFA World Cup as well as the final. Spammers leveraged this “brand” and sent spam promoting his fortune telling advice.
- Blank subject lines were the top spam subject line for the second month in a row, suggesting that spammers are finding that users respond to such messages.
The full report can be found here:

World Cup 2010 spam sees nine fold increase on Germany 2006

Vuvuzelas weren’t the only annoyance during this World Cup. Symantec’s July State of Spam and Phishing report reveals that the volume of messages with World Cup keywords in the subject line is more than nine times higher during this tournament compared to that in 2006. Not only this but there’s also been a substantial increase in gaming sites and betting brands that have been ‘spoofed’ to capitalise on the popularity of the World Cup.
The top 10 subject lines matching news headlines recently are:
- FIFA World Cup South Africa… bad news
- World Cup: Uruguay Beats South Korea 2-1
- Germany beats England 4-1 in World Cup
- ONGOING FIFA WORLD CUP LOTTERY SOUTH AFRICA 2010.
- World Cup: Germany Defeats England 4-1
- SOUTH AFRICAN WORLD CUP 2010.
- Oil spill teams keep wary eye on storm in Gulf
- World Cup: Argentina Beats Mexico 3-1
- Ghana beat US, reach first World Cup quarter-final
- World leaders slam North Korea, Iran
The following trends are also all highlighted in the July 2010 report:
- Fraudulent gaming sites providing fake FIFA offers
- Symantec analysts found health-related online pharmacy image spam to be particularly difficult to curtail and dubbed it Spamonster since, despite being blocked by Symantec, it continues to show up in filters.
- Symantec observed phishing websites spoofing Google’s social networking site Orkut. The phishing websites took advantage of the celebration of special occasions.
- The top Subject line of the month was “Outlook Setup Notification.” Other top headlines include “Reset your Facebook password” and “Reset your Twitter password.”
Link to new report: State of Spam and Phishing
Shanghai to London – Spammers will be following the crowds

Symantec’s security response team have found that Shanghai World Expo 2010 is the latest major world event to be hijacked by spammers. We’ve been monitoring several different variations of spam that use World Expo keywords and email subjects to deliver their usual mix of fake promotions, products and services to unsuspecting web users.
With around 70 to 100 million visitors expected to turn up at the World Expo, it’s no surprise that spammers are attempting to take advantage of it. We saw the same thing with the Vancouver Olympics, and are observing it right now with the World Cup, and the ticket. And as ticket registration for London 2012 has already begun, the UK could become the next prime target for these scams. To help you avoid the scammers, we’ve put together the following tips.
Do’s
- Ensure when signing up to receive mail, that you verify what additional items you are opting into at the same time and de-select the ones you do not want to receive.
- Unsubscribe from legitimate mailings that you no longer want to receive and be selective about the websites that you register your e-mail address on.
- Avoid clicking on suspicious links in e-mail or IM messages. These may be links to spoofed websites. We suggest typing web addresses directly into the browser rather than relying upon links within your messages.
- You must also make sure you delete any spam you receive. It is worthwhile considering a reputable antispam solution to handle your filtering, such as Symantec’s Brightmail messaging security family of solutions.
Don’ts
- Do not open unknown e-mail attachments or spam messages. These attachments are what could potentially infect your computer.
- Do not fill out forms with any personal or financial information or passwords. Reputable companies are unlikely to ask for your personal details via e-mail. If you are really unsure, get in touch with the company in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window and find out.
- Never reply to spam as this could simply result in more spam.
Photo by Flickr user gustible, licensed under CC BY 2.0.
Phish and chips: Fast food junkies and British students targeted by scammers

Symantec’s May State of Spam and Phishing report has identified an overall increase of 33% in phishing attacks in April compared to March. This included attacks on a major fast food brand, in which spam mails requested customer answers for a counterfeit satisfaction survey.
UK students came under attack with scammers phishing a UK government website and asking students for verification in order to process student loans, which involved the submission of bank details and account passwords.
Also this month, Symantec has noted a continued trend in dotted quad spam, which directs targets to a numbered IP address rather than a text URL. The volume more than tripled in April, compared to March. Spammers also appear to be increasing their delivery rate by combining this tactic with redirects, in order to bypass filters.
Other trends highlighted in the May 2010 report are:
- The top Subject line of the month, “Amazon.com Deal of the Day”, was used in an online pharmacy attack utilizing dotted quad URLs.
- The EMEA region continues to expand its spam market share as the region sent 45.2 percent of worldwide spam in April. EMEA has grown its spam share over the last six months.
Dominic Cook
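A filter can check for the dotted quad pattern described above by parsing each URL in a message body and testing whether its host is an IPv4 literal. The sketch below is an added example, not code from Symantec or its report; the sample body is constructed, and the redirect case assumes the destination is carried in a query parameter of the redirecting URL.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Loose matcher for URLs in text or HTML bodies; stops at whitespace, quotes, angle brackets.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample body using documentation-only address ranges.
SAMPLE_BODY = """\
Amazing deal today: http://198.51.100.23/offer.html
Track your order at https://www.example.com/orders?id=42.
Click http://203.0.113.9:8080/a for details
Unsubscribe: http://r.example.net/go?u=http%3A%2F%2F192.0.2.77%2Fp
"""

def ipv4_host(url):
    """Return the dotted quad if the URL's host is an IPv4 literal, else None."""
    try:
        host = urlsplit(url).hostname  # port is stripped for us
        return str(ipaddress.IPv4Address(host)) if host else None
    except ValueError:  # malformed URL, or host is a name rather than an address
        return None

def query_values(url):
    """Decoded query-string values of a URL (empty list if it cannot be parsed)."""
    try:
        return [value for _name, value in parse_qsl(urlsplit(url).query)]
    except ValueError:
        return []

def scan_body(body):
    """Return (url, ip, where) for every URL that leads to a dotted quad host."""
    findings = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;)")  # drop trailing sentence punctuation
        ip = ipv4_host(url)
        if ip:
            findings.append((url, ip, "host"))
            continue
        # Assumption: a redirector carries its destination in a query parameter.
        for value in query_values(url):
            ip = ipv4_host(value)
            if ip:
                findings.append((url, ip, "redirect-parameter"))
                break
    return findings

if __name__ == "__main__":
    for url, ip, where in scan_body(SAMPLE_BODY):
        print(f"{where:18} {ip:15} {url}")
```

Redirects performed server-side leave no trace in the URL itself, so a check like this only covers destinations that are visible in the message.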
Spammers thrive on consumers’ economic insecurities


Symantec’s April State of Spam and Phishing report highlights close ties between economic developments and malicious activity online
Mining the archives of its Global Intelligence Network, Symantec found the key spam headlines utilised over the course of the recession have closely mirrored the economic situation of its time – keeping spammers busy adapting to the frequently changing financial situation. Examples include:
When we looked at the top ten subject lines containing economic keywords, we can see that spammers tend to have an optimistic view of the economy with job offer spam among their top subject lines for the month. Examples of subject lines to be on the lookout for include ‘Get the Job fast this one’, ‘Finance Manager vacancy’ and ‘FW: Global job vacancy’.
Monitoring the topics used by spammers offers us a unique insight into the changing concerns of consumers over the course of the recession. Criminals take advantage of people’s widespread concerns by exploiting them for financial gain.
Amanda Grady
Adult phishing scams go social

Symantec’s January State of Spam and Phishing report has highlighted that an astounding 92 percent of adult phishing scams are now taking place on social networking sites. The report has also highlighted a new trend in adult oriented phishing which tempts users to enter personal credentials in return for free pornography. Once the site has this data, users are redirected to a pornographic website that then leads to a fake antivirus website containing malicious code.
The report also showed a high volume of Haiti-related spam and phishing in January 2010 as spammers used the tragic event for their benefit. Unsurprisingly, Valentine’s-related spam was also high in January; however, it failed to match the levels of seasonal spam seen in the run up to Christmas.
Both scam and phishing categories doubled as a percentage of all spam in January 2010 compared to December 2009, with 419-Nigerian spam – whereby scammers request that users host large sums of money while they move country, with the promise of substantial returns – becoming more prevalent again. This accounted for 21 percent of all spam, which is the highest level recorded since the inception of this report.
Link to new report – State of Spam and Phishing
Build It And They Will Come…

… Shut it down and they will go. McColo.com, a hosting company, has been shut down. Just why is this good news? Well, the amount of spam the world sees has dropped by 65% over the course of 24 hours. How do we know this? Well, at Symantec we monitor this type of thing! Unfortunately it won’t last; the spammers and botnet herders will move their operations quickly to somewhere else. However, the good news is that it is possible to make a significant dent in cyber-criminal operations by taking out the appropriate pieces.
So, the battle this time has been won, but the war is far from over.

There’s One Born Every Day…

How do we know… well, some researchers hijacked a spam network to find out. The figures were pretty amazing: only one response from every 12.5 million emails they sent. Over the course of 26 days they had 28 takers… so one a day, or near enough.
But… scaled up and out, that corresponds to a return of over £2 million per year. Which is no small chunk of change.
What to do? Well, let’s face it, most people ignore spam, but there are still a few who do respond to it. (The real threats are coming from other areas, such as viruses and browser based exploits.) But if you do get a spam email (1) don’t respond to it and (2) don’t ask to be taken ‘off the list’ – as this will guarantee you as a target – as you have just validated your email address… and the fact you read them!
What Makes A Spam Trend?

Are the CNN and MSNBC spam emails that are going around at present a trend? Yes – this is an example of ‘brand jacking’, i.e. it leverages a popular and trusted brand. These particular examples also use another trend – current events. Eye-catching headlines around current events, particularly things like the Olympics and the US Presidential race, can make people click a link before they think about it - and when the email appears to come from a reputable sender, the likelihood of falling for it rapidly increases.
We are getting much better at not opening attachments from users we don’t know, so the spammers have moved on. Social engineering is the biggest weapon in the cyber-criminals’ arsenal and one of the easiest to beat. Rapid communication and education as to new threats is critically important. An email to staff on the new trend, just to make them think twice about clicking a link in an email, is a worthwhile investment. All staff need to become security aware – it’s not just a job for IT.
Spam, Spam, Spam, Spam – Not So Lov-er-ly Spam

Symantec released its latest report on spam. July’s results were a 12% increase, year-on-year, to 78% of all messages. As expected the ‘big’ public interest events are still a big trend, so the Olympics and the US presidential race are up there along with ones targeting people’s fears for the economy and the old favourites of losing weight and superfoods.
One of the other trends that was ‘emerging’ before and is now growing is the hijacking of legitimate websites, which then host the malware. Businesses should start checking not just that their website is up and running, but also that it hasn’t been silently hacked and is now being used as a tool for cyber-criminals. Cross site scripting has been in the news a lot over the past few months – companies cannot afford to think it won’t happen to them; they need to change their policies today to ensure that they do not become part of the problem.





