Phishing Emails Getting Real

Monday, July 2, 2012 @ 05:07 PM gHale


Experts can spot fake emails acting as a part of spam campaigns from a mile away, but security professionals now find cyber criminals are working on making them more realistic.

The SERT research team over at Solutionary have analyzed a classic FedEx spam message and have detailed not only the elements that make it more realistic, but also the clues that clearly show that it’s part of a scheme.

RELATED STORIES
ICS-CERT: Attacks on Rise
Cyber Secure Device Certification
Robustness Testing: Saves Lives, Money
Siemens CERT Gains Achilles Status

Savvy users are aware of the fake FedEx emails that try to phish out a user’s information are bogus. However, in one variant, the tracking number actually worked and matched a shipment to Toronto, Canada.

Furthermore, one of the links from the email actually led to the official currier site and not some Blackhole-infested domain like in many of the cases we’ve seen.

“These attempts are getting better, especially when they first direct the user to an official site. It won’t be long before you won’t be able to tell the difference between a phishing attempt and an official email. Systems and/or security departments should keep informing coworkers of these types of emails,” said Brad Curtis from Solutionary.

“The more users see real examples and are informed, the less they will be apt to click ‘that’ link. It takes much less time to research these emails and put together a simple Security Tip notification than it does to clean an infected machine, or worse, a piece of production equipment.”

On the other hand, the classic mistakes made by spammers are also present. A second link didn’t point to Fedex.com, but a children’s website that was most likely compromised to host a shady .zip file.

The archive contained some sort of malware that came as a .pif file.

The example presented in the screenshot contains at least nine indicators that give away the fact that it’s a fake.



Leave a Reply

You must be logged in to post a comment.