Hot Spam: Targeted Phishing, Brand-Jacking

By Matthew Hines  |  Posted 2009-10-13 Print this article Print

Targeted phishing attacks and non-phishing campaigns involving company brands are among the leading trends in messaging attack patterns according to the latest observations reported by McAfee AVERT Labs.

Some 19 out of every 20 e-mails constitute some form of spam, researchers with the security company said, with abuse of popular brand names on the part of criminals in the name of perpetrating fraud both via phishing and other means remains a major problem.

As consumers continues to fall for the scams and businesses fail to create means to connect more securely to their customers online , spammers are humming along, generating enough unwanted e-mail to send 30 messages to everyone in the world every day, according to McAfee's October Spam Report (PDF), written by researchers Adam Wosotowsky and Elan Winkler.

In addition to seeking more help from law enforcement and regulators, businesses need to enlist the help of layered defenses including Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) technologies, the experts recommend.

"Corporate marketing and legal teams need to watch for brand abuse by criminal organizations that want to tap into their target audience. Such fraud damages the reputations of companies and ends up costing them prestige, customers, and revenue," the report contends. "[Spammers] must believe they control the bandwidth to take advantage of demographics and corporate identities.

In recent trends, spam and phishing campaigns bearing the spin of Canadian branding of some kind are hot, with attackers having somehow deduced that e-mail sent from the friendly northern nation was having better success evading filters than messages sent from places like Russia or Nigeria.

But the big lure North of the U.S. border is the availability of cheaper prescription drugs, an issue that drives a lot of eyeballs, and breeds legions of phony online Canadian pharmaceutical scams, the McAfee researchers reported.

And currently spam that advertises Web sites for "Canadian pharmaceuticals" accounts for more than 70 percent of global spam volume, a towering total.

"Online pharmaceuticals" is to "Canadian pharmaceuticals" as Jell-O is to gelatin," the report claims. "With so many news stories of elderly people purchasing medications from Canada, there is so much pressure to offer cheaper drugs that an entire shadow industry attempts to cash in."

Spammers also continue to become more sophisticated in putting together branded attacks using the imagery and names of banks and cash services including Western Union.

Along with that company and other regular targets including Bank of America, Wells Fargo, eBay, and PayPal, a "multitude" of targeted phishing scams are occuring a very local level, the experts said. Even the smallest savings and loans have suffered phishing scams that are sent only to e-mail addresses associated with their customers.

"Banks and financial institutions have tried to fight back, but spammers are getting more sophisticated; the latest spams are polished, professional, and almost foolproof," McAfee said. "Users must now rely on logic (How did a bank I don't do business with get my email address?) to identify good from bad messages."

Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel