Virtualization Technology News and Information
Kaspersky Research Finds Scammers Distributing Spam and Phishing Emails from Legitimate Company Websites
Kaspersky researchers have identified a global, emerging trend in spam and phishing delivery techniques. Cybercriminals are increasingly exploiting registration, subscription and feedback forms on trusted company websites to insert spam content or phishing links into confirmation emails. 

Cyber attackers are constantly looking for new methods to deliver spam and phishing messages to recipients while bypassing existing content filters. The goal is to have emails originate from a legitimate, reputable source so that users do not ignore the unwanted email. This creates a challenge for companies, as the spam or even malicious content, seemingly sent on their behalf, could compromise their customers' trust or even lead to personal data leaks.

This method is proving to be simple and effective for hackers to implement, as nearly every company solicits feedback from its clients to improve quality of service, customer retention and brand image. It is standard practice for businesses to ask customers to register a personal account, subscribe to newsletters or communicate through feedback forms on the website, all of which provide several avenues for cybercriminals to gain access and exploit sensitive data. All three mechanisms require a customer's name and email address to be provided so they can receive a confirmation email or feedback.

According to Kaspersky researchers, scammers are adding spam content and phishing links into their malicious email messages. They simply add the victim's email address into the registration or subscription form and type their message instead of the name. The company website will then send a modified confirmation letter to the specified address containing an advertisement or phishing link at the beginning of the text instead of the recipient's name.

"Most of these modified letters are linked to online surveys designed to obtain personal data from visitors," notes Maria Vergelis, security expert at Kaspersky. "Notifications from a reliable source usually pass through content filters with ease, as they are official messages from a reputable company. This is why this new method of unwanted, yet seemingly innocent, spam emailing is so effective and concerning."

To safeguard against potential reputational losses, Kaspersky experts suggest checking how feedback forms on company websites work. They also advise embedding several verification rules that would cause an error message when trying to register a name with inappropriate symbols.
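
One way such a verification rule could look on the server side, as an added example that is not taken from the Kaspersky report or any company's code. The function name `validate_name`, the 64-character limit and the allowed punctuation set are assumptions chosen for illustration.

```python
import re
import unicodedata

MAX_NAME_LEN = 64                  # assumed limit; tune to your user base
ALLOWED_PUNCT = set(" -'.\u2019")  # space, hyphen, apostrophes, full stop

# Text that reads as a link even when built only from letters and dots,
# e.g. "survey.example" or "www". Caveat: also trips on "Dr.Smith" (no space).
LINK_HINT = re.compile(r"(?i)\b(?:https?|www)\b|[^\W\d_]{2,}\.[^\W\d_]{2,}")


def validate_name(raw):
    """Return (ok, error). error is the message to show on the form."""
    # NFKC folds full-width and other look-alike forms before checking.
    name = unicodedata.normalize("NFKC", raw).strip()
    if not name:
        return False, "name is required"
    if len(name) > MAX_NAME_LEN:
        return False, "name is too long"
    for ch in name:
        cat = unicodedata.category(ch)
        # Letters (L*) and combining marks (M*) cover names in any script;
        # digits, symbols, slashes, colons and control characters do not pass.
        if not (cat[0] in "LM" or ch in ALLOWED_PUNCT):
            return False, f"character {ch!r} is not allowed in a name"
    if LINK_HINT.search(name):
        return False, "name must not contain a link"
    return True, ""


if __name__ == "__main__":
    # Constructed sample submissions, not taken from the report.
    samples = [
        "Maria Vergelis",
        "Anne-Marie O'Neil",
        "Win a prize: http://survey.example/x",
        "Claim your gift at survey.example",
        "Bob\nClick here",
    ]
    for s in samples:
        print(repr(s), "->", validate_name(s))
```
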

Read the full text of the report on Kaspersky Daily.

Published Friday, August 09, 2019 7:19 AM by David Marshall