Spam Spam Spam Spam…Now in different flavours.
There have been some interesting developments in the world of spam and malware in the past couple of weeks.
Various organisations1 that monitor internet traffic, have found an alarming increase in the amounts of spam, malware and phishing emails being sent out recently.
They also found that it was not just one type of spam either, there are a number of different ‘flavours’.
Remember the 419 email and letter scams? Typically from Iraq, South Africa or somewhere in West Africa, these advance-fee scams ask for your help to transfer money out of a country in return for a fee. The fraudster requests your bank details for the transfer, and takes the opportunity to empty your account! These scams still seem to be serving up a bad taste in their victims mouths, just when we thought they were off the menu.
There was an increase in the amount of ‘ransomware’ emails being dished out, containing a link which when you click on it allows the scammer to encrypt your files and data, essentially holding your files and data ‘hostage’ until you pay the ransom payment for their decryption. These been rather successful in the past, not only infecting individual’s machines, but also large organisations too. An American hospital got a taste of this and ended up paying thousands of dollars to get their files decrypted.
Scare stories have been emailed to customers of two credential services or password vaults, referring recipients to data breaches by LinkedIn and Tumblr. The emails purporting to be bone-fide support, informed people that their accounts had been hacked and that they needed to re-enter their personal details. These scam emails contained links which directed people to the hackers fake web site, serving up yet another phishing email attack.
There is also new type of fraud that is gaining notoriety, called BEC (Business Email Compromise). Estimates are that tens of thousands of people have been scammed and billions of dollars have been lost world wide. There is such a huge growth in this type of fraud that the FBI issued out a Public Service Announcement. This scam targets employees in an organisation, usually in finance, accounts or procurement, with a message purportedly from a senior finance or accounts manager requesting an urgent payment to be made to a supplier. When the employee takes the bait, the ‘senior manager’ will email and ask for the payment to be made to a different account – the scammers account.
Many of these scams require an increasingly elaborate amount of research and reconnaissance, combined with sophisticated social engineering. As the awareness of scam methods increases and protective measures are taken to avoid them, scammers are devising ever more ingenious ways to trick people. Some are conducting more research into their intended victims, to try to make their messages and requests more appealing.
Just like the canned meat, email spam isn’t going to go away anytime soon. So we all need to be aware and take care when opening attachments, clicking on links or receiving instructions from colleagues that appear to go outside the regular procedures.
Graeme Wolfe, Information and IT Security Officer, 27/06/2016
1 Cloudmark, IC3 and FBI