I have mentioned many times that the cyber criminals “aim” their money-generating malware at the largest targets. They prey on Facebook, Twitter, LinkedIn, and Digg because that’s where the largest number of potential successful attacks resides…no, I didn’t say “suckers”, but if the shoe fits, wear it. They are a smart bunch who seem to be one step ahead of most computer users in their tactics, most of which are extremely clever and enticing. Their latest tactic is no different. A recent analysis by Commtouch security analysts uncovered substantial blending of big brand names with malware. These emails, which appear to come from big name companies, get a user’s attention, particularly if they refer to an unpaid balance, a bill summary, or a registration confirmation.
“It’s clear that attackers continue to increasingly exploit the comfort level that people have gained with big online brands – and they’re doing so in craftier and craftier ways,” said Haniel Ilouz, vice president of global engineering at Commtouch.
“Not only are easily recognized brands utilized, but clever fake collaboration between sites such as Facebook and Digg show the ever-innovative approaches attackers deploy,” he added.
Their findings for the following top seven brands illustrate this point:
Amazon – Order confirmation emails that didn’t describe the order, but only the balance
AT&T Wireless – Wireless bill summaries mentioned large account balances
Citi – Offered the ability to view your Citi credit card online, showing extremely high balances
Classmates.com – Emails thanked the recipient for joining and provided links to confirm
Craigslist – With varying email subjects, messages included plausible sounding Craigslist posts
LinkedIn – Emails mixed pending LinkedIn invitations with messages awaiting responses
Verizon Wireless – Bill summary emails that copied the AT&T Wireless approach
Our comfort level as computer users should not be affected by the familiarity of a name brand. Instead we must always be on guard for an attack, trusting no email or website we aren’t absolutely sure about. We’ve got to be aware of our surroundings at all times. For example, is the email one we expected? Does it ask us to click on a link? Have we done business with that company or website recently? Does our gut tell us there might be something wrong? I know, it’s tough to have to rely on a gut feeling if you’re unaware of the potential threat, but we’re trying to educate you to that possibility. I repeat, trust nothing on the Internet until verified.
I believe that the future of the Internet is dependent on how unsafe it becomes. Just like in the brick and mortar world, we’ll stop frequenting an area of town if there is a high crime rate and we perceive it as personally dangerous. Our use of the Internet is no different. If it becomes too dangerous to use, we’ll stay home.
Reference: Big brands utilized in malware distribution
As always, I appreciate your comments on this subject…so please do. And be careful out there…it’s extremely dangerous these days.
Home computing is a blast…keep it safe, productive and enjoyable.
lubicp(at)yahoo.com and @paulsinternet on Twitter.