Email scammers have been developing some creative new attacks lately that play on human fears, insecurity and/or vanity. We will be discussing several of these attacks over the next few weeks. First, a scam using fraudulent pink slips.

In this attack, the phisher sent emails to some employees at the target company telling them that they had been laid off. The subject line read "Urgent – employment issue". The From: line was successfully spoofed so that the message appeared to come from inside the company. Other content in the message was consistent with the target company's operations (a hospital) and reinforced the victims' belief that this was a real message.

The message included a link to a website where the victim could get career-counseling information. Concerned about their employment status and being justifiably upset over being laid off by email, at least two employees at the target company clicked on the link. In fact, opening that website loaded a keystroke logger on the victims’ computers.

Spam and phishing attacks are being increasingly customized to the specific company under attack. Because the content is so customized and because this particular message was so intimidating, the scammer knew that he/she could send out far fewer fraudulent messages and still find an unwary victim. Such low-volume, highly targeted attacks are almost impossible for spam filters to identify and block ahead of time. You must remain on guard when you see a suspicious message.

No reputable company will notify you of any such personnel action solely by email. If you receive a message that concerns you, talk to your manager or to the HR department directly. Never click on any link in a suspicious email or instant message.
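
A gateway-side check for the spoofed internal From: line described above, as an added example that is not part of the original article. It assumes the receiving mail gateway stamps an Authentication-Results header (RFC 8601) carrying a DMARC verdict; the domain `hospital.example`, the gateway name `mx.hospital.example` and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): our own domain and our gateway's authserv-id.
INTERNAL_DOMAINS = {"hospital.example"}
TRUSTED_AUTHSERV = "mx.hospital.example"

def dmarc_result(msg):
    """Return the dmarc= verdict stamped by our own gateway, or None if absent."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header, so only trust our gateway's copy
        m = re.search(r"\bdmarc=(\w+)", results, re.I)
        if m:
            return m.group(1).lower()
    return None

def is_suspect_internal(raw):
    """True when From: claims an internal domain but our gateway did not see dmarc=pass."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in INTERNAL_DOMAINS:
        return False  # ordinary external mail, handled by other filters
    return dmarc_result(msg) != "pass"

# Constructed sample messages (headers only matter here).
SPOOFED = """\
From: "Human Resources" <hr@hospital.example>
Subject: Urgent - employment issue
Authentication-Results: mail.sender.invalid; dmarc=pass
Authentication-Results: mx.hospital.example; spf=fail; dmarc=fail header.from=hospital.example

(body omitted)
"""
GENUINE = """\
From: "Human Resources" <hr@hospital.example>
Subject: Benefits enrollment
Authentication-Results: mx.hospital.example; dkim=pass; dmarc=pass header.from=hospital.example

(body omitted)
"""
EXTERNAL = "From: Vendor <sales@partner.example>\nSubject: Quote\n\n(body omitted)\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("external", EXTERNAL)]:
        print(name, "-> suspect" if is_suspect_internal(raw) else "-> ok")
```

A message flagged this way can be quarantined or tagged with a warning banner before it reaches the reader, regardless of how convincing the body text is.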
