Friday, November 26, 2010

Spear Phishing Attacks On The Rise

I am not usually one to jump on "the band waggon" and parrot what every other blogger is saying, but I am going to make an exception in this case because it is important - really, really important.

Within the high volume mail industry there are companies known as ESPs or Email Service Providers, who provide a platform for others to send mail through. Some of the biggest in the world are clients I work with and they help small to medium sized businesses send valuable mail to their clients and end users. These are not spammers, they are legitimate delivery platforms that provide a valuable service to legitimate clients. If your small business needed to send a product alert to 50,000 end users by email, you would probably use one of these services instead of spending thousands of dollars on your own mail system.

Here is the problem though. Some very bad people - lets call then "organized criminals" - have managed to inject a viral spear phishing attack into about 100 ESPs worldwide. The mail looks legitimate to the ESPs so they transport is as per their contracts. When you receive the mail, you may click on an embedded link that takes you to a third party web site that looks completely legitimate, but in the back ground this site is installing a virus into your computer that is designed to steal passwords and other important data.

I need to stress that this is NOT the fault of the ESPs or their clients, but rather a complex criminal act perpetrated by third parties. There is a very good article on the problem and the background in this following link so I wont rehash it myself in too much detail.

http://krebsonsecurity.com/2010/11/spear-phishing-attacks-snag-e-mail-marketers/

In a nutshell, do NOT click on ANY link in ANY email that you do not know has come from a trusted source. I received one of these myself and it looked like an update from a friend who had just been married and the link was to weddingphotos.net. That site actually looks legitimate, but in the background it tries to install malware that will steal your system passwords and try to install remote control software to your PC.


And here is another:

Dear Tom Mairs,

Stephanie just sent you an ecard from 123Greetings.com

You can view it by clicking here:

http://www.123greetings.com/send/view/2210394848736232

You can also copy & paste the above link into your browser's address bar.

Or if you prefer, you can go to http://www.123greetings.com/ and type your
ecard number (2210394848736232) in the "Search Box" at the top right of the page.

Your ecard is going to be with us for the next 30 days.

If you need any help in viewing your ecard or any other assistance,
please visit our Help/ FAQ section at: http://help.123greetings.com/

We hope you enjoy your ecard,

Your friends at 123Greetings.com
http://www.123greetings.com

We respect your privacy. You will not be receiving any promotional emails from us
because of this ecard. To view our privacy policy, click on the link below:
http://info.123greetings.com/company/privacy_policy.html

Note: This is an auto generated mail. Please do not reply.

If you have any other problem please contact us by clicking on the following link:
http://help.123greetings.com/contact_us.html

This email was sent by 123Greetings.com, Inc., 1674 Broadway, New York, NY 10019.



So please be very careful of anything you get in your email that does not look ligit - it probably is not.

No comments: