Monday, September 16, 2024

Warning Goes Out on New Spam Attacks

IT managers are warned to be on the lookout to protect their company’s reputation, as well as their users, from a new wave of spam aimed at stealing personal and financial information.

The latest trend in spam and identity theft is called brand spoofing. The spam has no traceable return address and appears to be sent from a large company seeking information from its customers. Pretending to be a large business, say Sony, BestBuy or eBay, which has a relationship with the user, the spammers ask for critical passwords, user names and credit card information.

It’s both spam and identity theft. But now there’s a heightened level of sophistication to the trickery being used to fool people into giving up critical personal information. And it has the potential to not only empty people’s bank accounts but to sully a company’s reputation.

“This is extremely dangerous,” says Susan Larson, vice president of global product content at SurfControl Plc, a London-based Web and email filtering company. “It’s like organized crime on the Internet… They use the name of a large company and the idea is that with a large spam attack, at least some of the people receiving the spam will have done business with that bank or retailer or company. It gives it an air of legitimacy that is fooling people.”

Larson says brand spoofing spam is generally looking for account information, passwords, user names and credit card information. The spam recipient is usually asked to click on a link to a page that has been doctored up to look like an official company page, or they’re asked to send a reply email with the requested information.

“The idea of being able to completely mask who you are, being able to blast emails to large numbers of people who might have a connection with these companies is all fairly devious,” says Larson, adding that they first saw signs of brand spoofing in late February or March but it’s since been picking up speed. “They only have to get a very small hit to do some damage and make some profit on this one.”

But the damage isn’t being limited to a consumer’s checkbook. Ray Everett-Church, chief privacy officer for Philadelphia-based ePrivacy Group, Inc., says these new attacks are quick to damage a company’s sacred name.

“Any time you have spam masquerading itself as coming from a legitimate source, it can severely damage the brand name being spoofed,” says Everett-Church. “This is a company’s brand. This is their business… Anytime somebody is using your brand in a way they’re not authorized to, it’s a problem.”

Everett-Church says IT managers need to be aware of the earliest warning signs that something is amiss.

“You have to be extremely vigilant in all of your customer-facing activities,” he notes. “Be on the lookout for reports of strange emails — anything that might suggest your brand is being spoofed. If you receive strange bounced emails, a lot of attempts to visit a Web page on your site that doesn’t exist, or if people go first to a page deep in your Web site without going to the homepage and navigating through, these are all telltale signs.”
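Two of the signs Everett-Church describes, many requests for a page that doesn’t exist and visitors landing first on a deep page, can be looked for in a Web server’s access log. The sketch below is an added example, not code from the article or from any company named in it; it assumes Combined Log Format, treats each IP address as one client, and uses constructed sample lines, hypothetical paths and an assumed threshold.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)"'
)
MIN_CLIENTS = 3  # assumed threshold: distinct clients before a path is reported

def spoofing_signals(lines):
    """Return (missing_pages, deep_entries), each mapping path -> client count."""
    missing = defaultdict(set)  # nonexistent path -> clients that requested it
    deep = defaultdict(set)     # deep path -> clients whose first hit landed there
    seen = set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, status, ref = m["ip"], m["status"], m["ref"]
        path = m["path"].split("?", 1)[0]
        if status == "404":
            missing[path].add(ip)
        first_hit = ip not in seen
        seen.add(ip)
        # Assumption: a click from an email message arrives with no Referer,
        # so a first request to a non-root page with ref "-" is a deep entry.
        if first_hit and status == "200" and path.strip("/") and ref in ("", "-"):
            deep[path].add(ip)

    def frequent(paths):
        return {p: len(c) for p, c in paths.items() if len(c) >= MIN_CLIENTS}
    return frequent(missing), frequent(deep)

def _line(ip, path, status, ref="-"):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "{ref}" "Mozilla/5.0"')

# Constructed sample traffic (documentation IP ranges, hypothetical paths).
SAMPLE = (
    [_line(f"198.51.100.{i}", "/account/verify.html", 404) for i in range(1, 5)]
    + [_line(f"203.0.113.{i}", "/login/update-card", 200) for i in range(1, 4)]
    + [_line("192.0.2.10", "/", 200),
       _line("192.0.2.10", "/login/update-card", 200, "https://shop.example.com/"),
       _line("192.0.2.11", "/products/tv", 200, "https://search.example.net/?q=tv")]
)

if __name__ == "__main__":
    missing_pages, deep_entries = spoofing_signals(SAMPLE)
    print("Requested by many clients but missing:", missing_pages)
    print("Entered directly with no referrer:", deep_entries)
```

A path reported here is a lead to investigate alongside customer reports and bounced mail, not proof of spoofing on its own.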

Everett-Church recommends that IT managers sit down with business executives and compose an email to customers. They should warn customers of the brand spoofing problem and make them aware that the company will never ask for people’s private information or passwords via email. Warn them not to go to a Web site if they’re not entirely sure it belongs to the legitimate organization. Educate customers about the company’s normal practices, and give them easy-to-use feedback channels to report suspicious emails.

SurfControl’s Larson also recommends that IT managers make sure employees are educated about spam and fraudulent emails.

“IT managers need to make employees cyber security aware and spam savvy,” says Larson, who adds that a recent SurfControl survey showed that 90 percent of IT managers do not do any employee education. “Make them aware of the latest spam trends and make them aware of what information they should never pass on.”
