Spammers Add Use of Legitimate Katrina Relief Websites to Growing Arsenal of Tools, Warns SurfControl
SurfControl, a world leader in enterprise threat protection, today issued a security advisory to enterprise IT departments and individuals about an alarming rise in unsolicited spam e-mail messages carrying URLs of legitimate donation websites. SurfControl's Global Threat and Analysis Center believes this is an attempt to condition people to respond to unsolicited e-mail without fear of harm, in support of cyber criminals' future plans to defraud people. Individuals who are interested in making contributions to support Hurricane Katrina relief efforts should avoid responding to any unsolicited e-mail messages requesting donations. "This new type of blended threat not only damages the trust of citizens but also has a real and lasting impact on legitimate fundraising organizations that can suffer irreparable damage to their image," said Susan Larson, vice president of global threat analysis and research at SurfControl. "By targeting legitimate sites, the scammers can hide their tracks using technically-sophisticated methods. These increasingly sophisticated scamming techniques are often hard to detect and SurfControl is concerned that some organizations with legitimate URLs are unaware of this activity." SurfControl's Larson noted that phishers can replicate the donor contribution form of the legitimate web site or redirect traffic to a spoofed donation form, prompting donors to reveal confidential financial and personal information. Using an even more devious method, a donor could actually make a donation and even receive confirmation of the transaction, while at the same time having their credit card information stolen by the scammers and then passed on to the legitimate site. This loss of personal information is totally transparent to the donor and the legitimate organization. To protect against phishing or blended Internet attacks that could potentially leave enterprise networks open to attack, SurfControl recommends the following:
- IT departments should issue an advisory to warn employees of these potential scams and re-enforce acceptable Internet Use Policies.
- Individuals should never make donations or give out other personal information as a response to an e-mail request, but rather navigate to a Website by themselves.
- Never click on a link in a suspicious e-mail. Just delete the e-mail.
- Delete e-mails with nonsense subjects or ones requesting donations.
- Use only well-known online vendors. Look for a little lock symbol on the checkout page when completing transactions online, or look for "https" in the address bar, which means the site is using a an encryption system.
Reproduced from an article published by PR Newswire
© PR Newswire
The original article can be viewed here:
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/09-1...
Permalink Bookmark Digg this story
