E-Mail Scams Target Company Executives
A wave of sophisticated, ongoing attacks disguised as bills from supposed business partners, complaints from the Better Business Bureau, and investigations by the Internal Revenue Service is snaring high-value business victims with malware-carrying e-mail messages that don't bear the usual telltale signs of phishing.
"When you get one of these things," says Dave Jevans, chairman of the Anti-Phishing Working Group, "they're so well crafted, they look real."
The attacks target corporate executives and other high-level employees at a range of companies. Victims who open attachments or follow download links can pick up a malware infection and hand over the keys to their corporate banking network, financial account log-ins, and a vast assortment of other sensitive and valuable data. "It's a lot more lucrative than stealing a credit card number and making small purchases," says Jevans.
Personalized Messages
To better snare such prizes, the targeted attacks start with real names and
company references to make the messages seem real.
Experts suggest many ways the thieves could have collected company and employee names. They could have "scraped" the information from various companies' own Web sites, which often list the names and titles of executive staff. They may have wormed their way into popular online contact databases, or even purchased lists of such information from legitimate marketing firms.
Regardless of the source, seeing an e-mail with your name on it helps convince you that it's real. To further allay suspicions, the messages are well written and professionally presented. You won't see the obvious grammatical mistakes and nonsensical wording that give away run-of-the-mill scams. The faked IRS and BBB e-mail messages even provided the name of the person who supposedly filed the complaint, along with the date it was filed.
Many of the attacks disguise malware as embedded objects inside attached, convincingly named Word documents, such as "Documents_for_Case.doc." The recipient must click an icon inside the document for the attack to succeed, but the arrangement also allows the malware to slip past many antivirus programs. Other attacks include links to downloadable malware in the e-mail.
The Payload
Some victims have been hit by a Trojan horse that can sift through hard-drive data, spy on anything on screen, or even allow full remote desktop control, says Joe Stewart, a senior threat researcher with SecureWorks who conducted an in-depth analysis of the attacks. Other infections have added an Internet Explorer browser helper object that can steal user names, passwords, and any other data typed into the browser, even if the data is sent afterward over a secured connection.
For an attacker, going to such lengths is justified by the potential of landing a well-heeled victim, in much the same way a sales pitch for a luxury Rolls Royce would be much more polished and directed than what you'd hear at a corner lot filled with junkers.
"Phishers are used to getting tons and tons of crap data to wade through to
get to their stolen data," Stewart says. "Targeting execs is a way better payoff
for the work involved."
Cheers
Make your PC more useful. Get the free Google Pack.
, 
, 
, 
, 
, 
, 
, 
, 
Best Prices on Computer & Internet Books
-------------------------------------------------------------------------------------------------------------
Coming Soon: Me other Blog Digitalelife.com
Please visit our sponsors
Roof Repair - Long Island New York Aluminum Welding Screen room
Increase Website Traffic DSL Cheap Calendars printed SEOcents
Home Equity Loans Low Rates Commercial Loans Sun room
Telecom Sales Leads Print Mail Statements Kitchen Remodeling
Free Press Release Home Design Spaces Corporate Gifts Jewelry
Collection Letters Cabinet resurfacing Save Money in Health care
Aluminum Repair Blog SEM Forum Discounted Tanning products
Quality Home Windows Internet Marketing Quality Home Siding
Stars2hot Dog2Dogs Music2hot Games2hot Boat Repair
Making Cents-Sense of Search Engine Marketing - SEMcents.com
Comments