Resist the Latest Business Phishes

By
PCWorld
May 2, 2008, 7:29 PM ET
2 min read

— -- The latest spam can take the form of a subpoena purporting to be from a United States District Court, a calendar invite, or an IRS refund, in 'net cast wide' blasts or more targeted 'spear phishing' usually aimed at businesses.

Those are some of the examples from a draft of Symantec's 'State of Spam May 2008' report sent out this morning.  Along with the expected stats (80 percent of all e-mail is spam, and the U.S. remains the top spam source), the report provided some examples of new dirty tricks that can target your business.

One trick sends an e-mail that appears to be a subpoena from a District Court, with a link provided to download more documents.  The image looks like it's targeted at a particular person at a specific business, which fits the bill for a custom 'spear' phish.  If said person followed the download link, they'd have pulled in a keystroke-logging Trojan, according to Symantec.

These spear phishes aren't new, but they are dangerous.  Their more careful crafting requires a more discerning eye.  I previously wrote about other examples that faked messages from the Better Business Bureau or IRS.

One new, if uncommon, type of spam listed by Symantec comes in the form of a calendar invite.  An attached 'invite.ics' beckoned the recipient to take part in the classic Nigerian 419 scam, a new twist on an old approach.

Then there's this seeming IRS e-mail about a tax refund.  Per Symantec, clicking the link would only take you to an online vampire game instead of stealing your info, but fake IRS messages are definitely something to watch out for, especially at tax time.

One last tip:  spear phishes that target businesses can be particularly hard to recognize, even when you're careful.  If you're at all unsure about an e-mail attachment, upload it to Virustotal.com, which scans any uploaded file (up to 10MB) with more than 30 different antivirus engines.  The engines are usually set to max settings so you'll usually get one or two false alerts, but it's an otherwise terrific (and free) way to see if a file's safe.