Warning Goes Out on New Spam Attacks

IT managers are warned to be on the lookout to protect their company’s reputation, as well

as their users, from a new wave of spam aimed at stealing personal and financial

information.

The latest trend in spam and identity theft is called brand spoofing. The spam has no

traceable return address and appears to be sent from a large company seeking information

from its customers. Pretending to be a large business, say Sony, BestBuy or eBay, which has

a relationship with the user, the spammers ask for critical password, user names and credit

card information.

It’s both spam and identity theft. But now there’s a heightened level of sophistication to

the trickery being used to fool people into giving up critical personal information. And it

has the potential to not only empty people’s bank accounts but to sully a company’s

reputation.

”This is extremely dangerous,” says Susan Larson, vice president of global product content

at SurfControl Plc, a London-based Web and email filtering company. ”It’s like organized

crime on the Internet… They use the name of a large company and the idea is that with a

large spam attack, at least some of the people receiving the spam will have done business

with that bank or retailer or company. It gives it an air of legitimacy that is fooling

people.”

Larson says brand spoofing spam is generally looking for account information, passwords,

user names and credit card information. The spam recipient is usually asked to click on a

link to a page that has been doctored up to look like an official company page, or they’re

asked to send a reply email with the requested information.

”The idea of being able to completely mask who you are, being able to blast emails to large

numbers of people who might have a connection with these companies is all fairly devious,”

says Larson, adding that they first saw signs of brand spoofing in late February or March

but it’s since been picking up speed. ”They only have to get a very small hit to do some

damage and make some profit on this one.”

But the damage isn’t being limited to a consumer’s checkbook. Ray Everett-Church, chief

privacy officer for Philadelphia-based ePrivacy Group, Inc., says these new attacks are

quick to damage a company’s sacred name.

”Any time you have spam masquerading itself as coming from a legitimate source, it can

severely damage the brand name being spoofed,” says Everett-Church. ”This is a company’s

brand. This is their business… Anytime somebody is using your brand in a way they’re not

authorized to, it’s a problem.”

Everett-Church says IT managers need to be aware of the earliest warnings signs that

something is amiss.

”You have to be extremely vigilant in all of your customer-facing activities,” he notes.

”Be on the lookout for reports of strange emails — anything that might suggest your brand

is being spoofed. If you receive strange bounced emails, a lot of attempts to visit a Web

page on your site that doesn’t exist, or if people go first to a page deep in your Web site

without going to the homepage and navigating through, these are all telltale signs.”

Everett-Church recommends that IT managers sit down with business executives and compose an

email to customers. They should warn customers of the brand spoofing problem and make them

aware that they will never ask for people’s private information or passwords via email. Warn

them not to go to a Web site if they’re not entirely sure it belongs to the legitimate

organization. Educate customers about the company’s normal practices, and give them

easy-to-use feedback channels to report suspicious emails.

SurfControl’s Larson also recommends that IT managers make sure employees are educated about

spam and fraudulent emails.

”IT managers need to make employees cyber security aware and spam savvy,” says Larson, who

adds that a recent SurfControl survey showed that 90 percent of IT managers do not do any employee

education. ”Make them aware of the latest spam trends and make them aware of what

information they should never pass on.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020