08/31/2019 07:41:17 PM
Malicious users never stop making other people's lives miserable online. They are always looking for new ways to fill recipients' mailboxes with spam and phishing messages while bypassing existing content filters. Unfortunately, these emails look like they come from a legitimate and reputable source, so users cannot easily ignore them. This also poses a challenge for companies, as unwanted spam carrying malicious content, seemingly sent on their behalf, could compromise their customers’ trust or even lead to personal data leaks.
Their method is quite simple yet effective. At present, every company is interested in receiving feedback from its clients to improve quality of service, customer retention, and reputation. To do so, companies ask customers to create a personal account, subscribe to newsletters, or communicate through feedback forms on the website, for example to ask questions or leave suggestions. These are exactly the mechanisms that attackers are exploiting.
All three of these mechanisms require the customer’s name and email address, so that the customer can receive a confirmation email or feedback.
According to Kaspersky researchers, scammers are adding spam content and phishing links to these emails. The procedure is quite easy: they enter the victim’s email address in the registration or subscription form and type their message in place of the name. The website then sends a modified confirmation letter to that address, containing an advertisement or phishing link at the beginning of the text instead of the recipient’s name.
“Most of these modified letters are linked to online surveys designed to obtain personal data from visitors. Notifications from a reliable source usually pass through content filters with ease, as they are official messages from a reputable company. This is why this new method of unwanted, yet seemingly innocent, spam emailing is so effective and worrying,” explained Maria Vergelis, security expert at Kaspersky.
To protect companies from possible reputational losses, Kaspersky suggested these three steps:
- Check how the feedback forms on your website work
- Embed several verification rules that cause an error when someone tries to register a name with inappropriate symbols
- Conduct a vulnerability assessment of the website, if possible.
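One way to implement the second recommendation, shown as an added example that is not taken from Kaspersky's report or from this post: a server-side allow-list check for the name field of a registration, subscription or feedback form. The function name, the length and word limits, and the sample inputs are assumptions made for illustration.

```python
import unicodedata

MAX_LEN = 64    # assumed limit; tune to your user base
MAX_WORDS = 5   # assumed limit; longer "names" are usually sentences

def validate_display_name(raw):
    """Return (ok, reason) for a name submitted to a sign-up or feedback form."""
    # NFKC folds look-alike forms (e.g. full-width letters and dots) to ASCII
    # so they cannot be used to slip a link past the character checks below.
    name = unicodedata.normalize("NFKC", raw).strip()
    if not name:
        return False, "empty"
    if len(name) > MAX_LEN:
        return False, "too long"
    if len(name.split()) > MAX_WORDS:
        return False, "too many words"
    for i, ch in enumerate(name):
        if unicodedata.category(ch)[0] in ("L", "M"):
            continue                      # letters and combining marks, any script
        if ch in " -'\u2019":
            continue                      # space, hyphen, apostrophes
        if ch == ".":
            # Accept "J. Smith" or "Jr." but not "survey.example"
            if i + 1 == len(name) or name[i + 1] == " ":
                continue
            return False, "dot inside a word"
        # Digits, slashes, colons, @, control characters and so on end up here
        return False, f"character not allowed: {ch!r}"
    return True, "ok"

# Constructed sample submissions (not taken from real traffic)
SAMPLES = [
    "Anna-Maria O'Neil",
    "J. R. Smith",
    "Win a prize http://survey.example/x",
    "visit survey.example now",
    "Claim your free gift card today friend",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} -> {validate_display_name(s)}")
```

A short message made only of ordinary words still passes a character check like this one, so the rule narrows the abuse rather than eliminating it.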
To know more, read the full text of the report on Kaspersky Daily.
Author: slickmaster | © 2019 The SlickMaster's Files