Phishers use less strident subject lines to deliver new cunning attacks
'SECURITY ALERT' wasn't: 'Statement available' is
The use of exploit kits is allowing phishing fraudsters to develop scams that only rely on tricking prospective marks into clicking a link, rather than submitting all their details to a bogus website.
Many recent phishing runs spotted by Trend Micro have made use of the notorious Blackhole Exploit kit. The hacker favourite is used to automate the process of mounting drive-by-download style attacks from compromised (often legitimate) websites. Blackhole preys on browser exploits, Adobe software bugs and most recently the latest Java vulnerabilities, a particular successful strategy since third-party software frequently goes without updates.
By using the exploit kit in phishing emails, cybercrooks move away from the tricky process of coaxing marks into submitting data to bogus websites, traditionally pulled off using a bogus security alert from their bank as a lure, to simply tricking users to open an email and click a link.
The shift means that the subject matter and tone of phishing emails is changing. In addition, the traditional security advice about phishing emails is becoming out-dated, Trend warns.
Phishing messages of yesterday typically screamed "security alert", while modern messages are more subtle and feature subject lines such as "Your statement is available online", "Incoming payment received" and "Password reset notification".
"In many cases these messages are identical to the legitimate messages sent by the legitimate organisation," Trend Micro warns. "Sometimes, the only difference between the legitimate version of the email and the phished version is the bad link".
The use of banking Trojans, spread using exploits and vulnerabilities, such as ZeuS and Cridex has been going on for years. Banking trojans developed using cybercrime toolkits look for activity such as logins to financial websites. As well as appearing on compromised legitimate website surfers are getting exposed to exploit toolkits via their in-boxes, thanks to a shift in tactics by e-banking fraudsters.
Trend's research, published on Thursday, documents changing tactics for spreading banking trojans as well as explaining how standard anti-phishing advice is no longer valid, a factor that make its white-paper Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs (PDF) worth reviewing.
Trend looked at more than 200 separate spam runs featuring in excess of 40 organisations during Q2 2012. The spam campaigns claim to be from legitimate companies such as Intuit, LinkedIn, the US Postal Service (USPS), US Airways, Facebook, and PayPal, among others. Compromised sites were used and reused from one attack to another. Exploit methods were the same and the botnet networks used in many cases were also similar. ®
I had some sex spam in my mailbox...
... but the quality of the writing proved they were no cunning-linguists
Re: Now ask me why ...
I'd rather ask you why all of those people were online in 1992, less than two years after Sir Tim created HTML and before most people even had a machine that was capable of those feats of connectivity.
1998-2000 is when most people came online, 70 million (worldwide) at the end of 1997 became 361 million (worldwide) by the end of 2000.
Slight exaggeration, or do you have an unusual cluster of very early adopters gathered around you?
I ask, because they're all probably doing something now that the rest of us won't begin to seriously adopt for another 5-10 years and I'd like to train/invest.
Which is why I stick to plain text email only.
I once nearly got caught by an HTML scam (on a webmail account.) I was expecting a message and a scam one came up, it was only a typo that alerted me.
I removed the webmail account from the service and now only use mail accounts that can be accessed via a plain text client for such purposes.