An
email pops up in your inbox, saying you have a date in court. And it uses your
first name. Pretty alarming, no? Not to worry — courts don’t communicate that
way. It’s a scam — a variant of one that apparently has spread from Australia
and the UK. But the purpose isn’t to bilk you out of money — it’s to steal your
identity and get you to click on malicious links.
Welcome
to the new spam, a phenomenon that threatens consumers and companies alike.
Such schemes have long existed, but they are now more insidious, thanks to
improved technology and the boundless creativity of the perpetrators.
For
example, the Internal Revenue Service warned this week that thousands of
taxpayers’ W-2 records have been compromised.
“This
particular scam, sometimes referred to as business email spoofing (BES),
reportedly first appeared last year, said the IRS,” PYMNTS.com reports.“Cybercriminals
send emails to employees in payroll and human resources (HR) using slightly
modified email addresses to make it appear as if the emails are coming from an
organization executive, said the IRS. The email requests a list of all
employees and their W-2 forms.”
PYMNTS.com
continues that the scam has “evolved beyond affecting just the corporate world
and has spread to other sectors, including school districts, the health care
sector, temp agencies and nonprofits, among others.”
It used
to be that fraud artists rented an email sucker’s list: Many still do. But it’s
expensive, and not as reliable as it once was. Anyway, why risk the liability
to both sender and vendor? There are better ways.
Take
the “snowshoe spamming” allegedly conducted by Michael A. Persaud. Persaud was
indicted on federal charges this week, according to Krebs on Security.
“The
Justice Department says Persaud sent well over a million spam emails to
recipients in the United States and abroad,” Krebs on Security writes.
“Prosecutors charge that Persaud often used false names to register the
domains, and he created fraudulent “From:” address fields to conceal that he
was the true sender of the emails. The government also accuses Persaud of
“illegally transferring and selling millions of email addresses for the purpose
of transmitting spam.”
It gets
worse.ZDNet reported yesterday that spammers can spoof Gmail accounts, and that
Gmail can’t stop them. Renato Marinho, a researcher from Brazilian security
firm Morphus Labs, claims that Gmail “doesn't filter or indeed even warn users
about dodgy messages from a spoofed @gmail.com address,” according to ZDNet.
“That is, the email appears to have come from a Gmail account, but actually
came from a non-Gmail server. It's not hard to imagine the fun that hackers and
spammers could have with this behavior.”
The
solution? Stronger cyber security at
companies and institutions of all kinds — to protect customers, employees, and
everyone.
No comments:
Post a Comment