The holidays are a busy time for all of us, and with the advent of online shopping to avoid the crowds, we are becoming conditioned to receiving purchase-related emails from a variety of sources.
The cyber crime community is well aware of this, and internet security company Malcovery has reported a new trend in cyber crime that uses fake order confirmations and other typical purchase-related emails. The primary payload of these emails is the malware known as ASProx, a particularly nasty trojan that collects email addresses and passwords from its victims’ computers, then turns the infected machine into a botnet relay, allowing spam messages to be passed through it.
Malcovery reports that in December 2013, spammers used ASProx to deliver fear in the form of a Failed Delivery email from CostCo, BestBuy, or WalMart. Malcovery analysts identified more than 600 hijacked websites that were used as relays to prevent detection by causing the spammed links to point to websites that had been “white listed” until the very day of the attack. People responded because the email told them their Christmas gift shipment had been delayed and the only way to get a refund was by clicking the (infected) link.
This year the scammers are getting even craftier and their tactics have changed. Fake order confirmation emails appeared after Cyber Monday with titles like “Thank you for your confirmation,” “Order Confirmation,” “Thank you for buying from [company name],” “Acknowledgement of Order,” and “Order Status.” The email content now targets people’s greed by saying that a delivery (that they didn’t order) is waiting for them:
“We are happy to inform you that our online store HomeDepot.com has an order whose recipient details match yours. The order could be received in any Local Store of HomeDepot.com within the period of 5 days. Open this LINK to see full information about your order.”
Opening the link infects the victim’s machine.
Another trend is with hijacked credit card numbers. Instead of charging several hundred dollars on a single credit card – which is immediately noticed and blocked – online thieves are now content to charge several thousand people $20 – $30 each, which is less likely to be noticed by either the bank or the victim.
Cognoscape is committed to your security
There are a few simple rules to follow whenever you open your inbox:
- Ask yourself: Were you expecting this email?
- Check the sender’s address – hover over the address to verify the sender
- Check the link address – hover over the link to read the address it is sending you to. Does the domain name look valid?
- Learn to spot fake domain addresses
- If you have any concerns, DO NOT click the link. Instead, type the address into your browser and access the information from there
- Review your credit card statement regularly for fraudulent transactions
- Remember scammers target people’s greed – if it sounds too good to be true, it probably is!
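The sender and link checks in the list above can also be run automatically during mail triage. The following Python is an added example, not code from Cognoscape or Malcovery: it compares the store domain named in an email's visible text with the sender's domain and with each link's real destination. The function names, the two-label domain comparison and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject lines quoted in the post for this campaign (lower-cased).
LURE_SUBJECTS = {"thank you for your confirmation", "order confirmation",
                 "acknowledgement of order", "order status"}
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

class LinkCollector(HTMLParser):
    """Collect every href: the address that hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def site(host):
    # Assumption: the last two labels name the site (wrong for co.uk and similar).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def review_email(raw):
    """Return reasons to distrust a single-part HTML email."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS or subject.startswith("thank you for buying from"):
        findings.append("subject matches an order-confirmation lure")
    # Store domains named in the visible text (tags and their hrefs stripped).
    claimed = {site(d) for d in DOMAIN_RE.findall(re.sub(r"<[^>]+>", " ", body))}
    if not claimed:
        return findings
    sender = site(parseaddr(msg["From"] or "")[1].rpartition("@")[2])
    if sender not in claimed:
        findings.append(f"sender domain {sender} is not the store named in the text")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if host and site(host) not in claimed:
            findings.append(f"link goes to {host}, not the store named in the text")
    return findings

# Constructed sample modelled on the lure quoted in the post.
SAMPLE = ("From: Order Desk <orders@mail.example.net>\nSubject: Order Confirmation\n"
          "Content-Type: text/html\n\n<p>Our online store HomeDepot.com has an order for "
          'you. Open this <a href="http://hijacked.example.org/o.php">LINK</a>.</p>\n')
```

A matching From address proves little on its own because that header can be forged, so an empty result means only that no mismatch was found.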
Would you like to learn these techniques and have them taught to your colleagues? Cognoscape is now providing a series of lunch and learn presentations on avoiding phishing scams and keeping you safe from these attacks. Fill in the “Request a Consultation” form to the right of this blog post if you would like more details.
Don’t forget your friends need to know about this too – please share this post!