When most people think about cybercrime and data theft during the holidays, they think about retail data breaches and point-of-sale malware. While those things do pose an increased threat around this time of year, an equally serious risk is that of social engineering campaigns that trick people into opening malicious attachments related to a phony delivery confirmation.
Along with an influx of shopping, the holiday season also brings an increase in mail delivery, and cybercriminals are using this to their advantage. In a recent blog post, security analyst Brian Krebs warned readers against opening attachments or clicking on links in emails that ask them to confirm an online order or package shipment, as they are almost always from malicious actors trying to steal sensitive information from unknowing victims.
As Krebs explained, scammers use this method primarily because the success rate is so high. Around the holidays, so many gifts have been ordered from e-commerce sites that even those who would normally know better than to click on links in emails that look a little fishy slip up and end up exposing their data.
Malcovery, a company that tracks malware attacks leveraging email, recently found that many of the phony messages being sent out this season are using malicious links and attachments that infect Windows-based PCs with the Asprox Trojan. Asprox steals login information for email accounts from infected machines and turns the victim’s computer into a pawn that relays spam emails as part of a larger botnet to perpetuate future attacks. The malware has also been known to deploy a scanning module capable of forcing compromised PCs to scan websites to identify vulnerabilities that can be exploited to hack into the sites and infect their visitors with malware.
How to spot malicious emails
Cybercriminals are clever and attempt to spoof trusted brands, but there are some simple ways to quickly spot a fake. First, any legitimate email will include a reference or order number that you can look up to make sure it matches one you were given on receipt of purchase. Second, phony emails from scammers are almost always rife with spelling errors, as well as grammatical and style mistakes.
Third, and perhaps the easiest to spot, the sender’s email address is always a tip-off in these situations. Some of the messages that were sent earlier this year claimed to be from FedEx, but were not sent from FedEx.com. Instead, scammers used a Yahoo email address ending in .es, meaning it is registered in Spain.
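The sender-address check described above can also be applied automatically to incoming mail. The following Python is an added example, not code from the original article or from any vendor it mentions; the brand-to-domain table, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {
    "fedex": {"fedex.com"},
    "ups": {"ups.com"},
}

# Constructed sample messages (headers plus a one-line body).
SAMPLES = {
    "spoofed": 'From: "FedEx Delivery" <notice@yahoo.es>\n'
               "Subject: Confirm your shipment\n\nSee attachment.\n",
    "genuine": "From: FedEx <tracking@shipment.fedex.com>\n"
               "Subject: Your package is on its way\n\nTrack it online.\n",
    "lookalike": 'From: "FedEx Support" <info@fedex.com.example.net>\n'
                 "Subject: Delivery problem\n\nOpen the form.\n",
    "unrelated": "From: Alice <alice@example.org>\n"
                 "Subject: Lunch and setups for Friday\n\nSee you.\n",
}

def domain_matches(sender_domain, allowed):
    """True if sender_domain is an allowed domain or a subdomain of one."""
    sender_domain = sender_domain.lower().rstrip(".")
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in allowed)

def check_sender(raw_message):
    """Return (brand, sender_domain) pairs where the claimed brand and
    the From address domain disagree."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Match whole words only, so "setups" does not count as "ups".
    claimed = set(re.findall(r"[a-z0-9]+",
                             f"{display} {msg.get('Subject', '')}".lower()))
    return [(brand, domain)
            for brand, allowed in BRAND_DOMAINS.items()
            if brand in claimed and not domain_matches(domain, allowed)]

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

A From domain that matches is not proof of legitimacy, because the header itself can be forged; this check only catches the mismatch case the article describes.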
Even when they educate users about best practices for handling email around the holidays, enterprises cannot always guarantee that their employees will follow the rules when reading messages on the company network, which opens up sensitive systems to potential security risks. The most reliable way to defend against malicious software infecting company networks is to employ a layered endpoint security solution. Faronics Anti-Virus provides protection for multiple endpoints and utilizes multiple strategies, such as Web filtering, firewalls, anti-rootkit and anti-spyware, to defend against cybercriminals and keep important information and systems safe.