September 29, 2017 |

F-Secure Labs Shares the Top Companies Spoofed in Spam in 2017

Social engineering is simple these days, and spam has re-surged as an attack vector. Buckinghamshire, UK – 21st June, 2017: With the decline of exploit kits, spam email has re-emerged as a popular attack vector for spreading malware, frauds and scams. And one trick spammers use to fool recipients is posing as a legitimate company. […]

Social engineering is simple these days, and spam has re-surged as an attack vector.

Buckinghamshire, UK – 21st June, 2017: With the decline of exploit kits, spam email has re-emerged as a popular attack vector for spreading malware, frauds and scams. And one trick spammers use to fool recipients is posing as a legitimate company. F-Secure Labs is sharing a list of the top companies email spammers have been spoofing in the first half of 2017.

 

Populated by giants like Apple, Amazon and Microsoft, the list underscores that the bigger the organisation, the more attractive it is to use its brand name as bait in spam.

 

“There are so many people that have relationships with these companies, it makes these the most successful ones to imitate in spam,” says Sean Sullivan, Security Advisor at F-Secure.

 

If not big tech giants, popular-to-spoof companies fall into certain industries such as online dating (Match.com) and financial (PayPal). Delivery services like USPS and FedEx are high on the list, using package delivery as bait. In Germany, Giropay and eBay are popular spoofed brands, and in the Nordics, Nordea Bank and Ikea.

 

“When it comes to spam, social engineering is simpler than in the past,” says Sullivan. “E-commerce is now so common it only takes a simple ‘Your order cannot be delivered,’ nothing else is needed. The amount of spam pushed practically guarantees that numerous recipients will actually be waiting for a delivery. And that serendipity is what short-circuits any amount of awareness training.”

 

Emails spoofs may push ransomware as an attachment, or other types of malware such as banking trojans or keyloggers. They may purport to sell legitimate products but actually be aiming to gather up credit card details or other personal information. They may be phishing emails engineered to steal account credentials.

 

Exploit kits, which lurk on compromised or malicious websites to exploit vulnerabilities found in visitors’ browsers and systems, used to dominate as a vector for malware infections. They have seen declining use as software vulnerabilities get patched more promptly, and as zero day vulnerabilities are rarer than ever.

Malicious email volumes have increased as criminals adjust to the market forces.

 

Sullivan says we don’t see spam slowing down as an attack vector, so he offers these tips to IT admins to prevent infections via spam:

 

  • Do your users really need to be able to receive zip files? With cloud services, users can link to large documents securely. Consider blocking zip files at the gateway or using a group policy to make it an unsafe file type.
  • Disassociate jscript from something that will actually execute something on the user’s machine.
  • Disable macro scripts from Office files received via email.

 

Top Companies Spoofed in Spam, H1 2017:

 

  1. USPS
  2. Amazon
  3. FedEx
  4. Apple
  5. PayPal
  6. Walgreens
  7. Microsoft
  8. eHarmony
  9. Lyft
  10. Facebook
  11. Bank of America
  12. Match.com

 

 

More Information

https://business.f-secure.com/top-companies-spoofed-in-spam

 

About F-Secure

Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.

 

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

 

f-secure.com twitter.com/fsecureukteam | facebook.com/f-secure

 

F-Secure media relations

Geoff Dorrington

PR manager, F-Secure UK & Ireland

E: geoff.dorrington@f-secure.com

T: 01753 376592

 

Latest Press Releases

June 7, 2019

F-Secure wins best advanced persistent threat protection category at SC Awards Europe 2019

F-Secure continues to garner accolades as a cyber security solution and services provider, also being recognized as ‘highly commended’ in the Best Security Company category at the event.

May 29, 2019

Overwhelming number of internet users now fear becoming a victim of identity theft and account takeover — and most are right

F-Secure to launch a new service to protect against identity theft during 2019

May 21, 2019

Proposed age verification checks have risks for UK internet users

London, UK – May 21, 2019: With the United Kingdom’s controversial online age verification checks scheduled to come into force this summer, experts from cyber security provider F-Secure are advising UK internet users that the new rules could increase the risk of identity theft and other cyber crimes. “Preventing kids from accessing certain types of […]

May 9, 2019

F-SECURE SECURITY ENGINEERING AWARDED IEC 62443 CERTIFICATIONS

Certifications validate F-Secure’s unique security engineering expertise in developing mission critical ICS components

%d bloggers like this: