A handful of employees at a medical centre in the U.S. recently received e-mails saying they were being laid off. The subject line read “Urgent – employment issue,” and the sender listed on the message was at the domain the medical center uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information. A few employees clicked on the link and unwittingly downloaded a keylogger program that was lurking at the site. Score another one for spammers.
This type of targeted ‘spear-fishing’ spam is currently on the rise and is particularly vexing because the spammer is able to “spoof” the sending e-mail address to make it look like it’s coming from within the organization of the recipient, making it difficult for spam filters to catch. Spammers are sending just handfuls of these messages at a time, again making it difficult for antispam technology to detect.
The IT department at the medical center found out about the scam when an employee in the HR department, who had received a frantic call from one of the scam’s recipients, called the CIO. The first thing the IT department did was to set its Web filtering software to block all users from visiting the site linked to in the spam.
Officials with Proofpoint, the centre’s messaging security vendor, agree that targeted spam is on the rise. “We’re seeing this more and more, typically either in large organizations or with very well-known brands,” said Rami Habal, director of product marketing. Once the company has been alerted to the scam, blocking it is easy. But detecting such well-crafted messages is becoming harder as the sophistication level of spam increases.
There are ways to detect even well-written fraudulent e-mails, however, such as using sender-authentication technology that can check if a message really comes from the domain it claims to, Habal noted.