Fake notifications from social networks
Online scammers have long taken an interest in spam mailings with fake notifications imitating those sent out by social networking sites. At the same time, social network accounts have become permanent targets for phishers. In November, spammers focused on Flickr, Twitter and LinkedIn while phishers showed a preference for Habbo.
Flickr is not often exploited by spammers. However, in November users of the photo-sharing site received emails sent from Flickr accounts that contained links to a pharmaceutical site. Twitter fell victim to a similar spammer trick, with invitations to join the social networking site that looked like they were sent on behalf of Twitter users. The invitations contained a rather steamy message and a link that redirected users to a porn site. In addition to the traditional fake notifications containing links to pharmaceutical sites, November witnessed an unusual mass mailing that also involved LinkedIn. The ‘From’ field of the message imitated an official notification from LinkedIn, but the actual message warned the recipient that a recent transaction made via an e-pay system had been canceled. The cybercriminals had obviously got their wires crossed somewhere and sent a fake notification from the Nacha payment system that looked like it came from LinkedIn.
The rise of Habbo to second place in terms of phishing attacks came as a major surprise this month; in October it had dropped out of the phishing Top 10 altogether. The share of attacks on this social networking site increased a staggering ten times. Meanwhile, the number of attacks targeting Facebook grew slightly, placing it in 4th position.
The Holiday Season
The fraudsters have been taking advantage of the pre-holiday excitement and in anticipation of Christmas and the New Year are distributing mass mailings enticing users to leave their financial and personal data on a phishing site. Kaspersky Lab experts registered several mass mailings of fake notifications from Internet stores. The names of specific Internet stores were not used – the recipients were merely invited to look through a bill or click a link to check an order reference. Of course, the link led to malicious code. In addition to the main winter holidays mass mailings also targeted Thanksgiving celebrations in the US and the Muslim holiday of Eid al-Adha. The emails exploiting the theme of Eid al-Adha were mostly in Turkish and advertised religious tourism. The ‘Thanksgiving’ emails advertised holiday gifts.
In November, the top four leading spam sources remained largely unchanged, although Brazil and Indonesia swapped places. The general level of spam emanating from the Top 5 countries increased by 7.2 percentage points, with the contribution of each country increasing: India (+1.86 percentage points), South Korea (+2.31 percentage points), Indonesia (+2.29 percentage points), and Brazil (+0.12 percentage points). The share of malicious files found in all emails amounted to 3% — an increase of 0.5 percentage points compared to October.
The top two countries with the highest rates of email antivirus detection remained unchanged: Russia stayed out in front, 6 percentage points ahead of the US. Both countries showed an increase – 3.39 and 2.77 percentage points respectively – compared with October.
November’s list of the most frequently detected malicious programs did not see many changes either. Trojan-Spy.HTML.Fraud.gen topped the rating yet again, accounting for 12% of all malware spread via email - only 1 percentage point less than the previous month. In second place was Email-Worm.Win32.Mydoom.m, a mail worm whose only functions are to harvest email addresses and to send copies of themselves to these addresses.
The percentage of phishing emails in all mail traffic doubled compared with October’s figure and averaged 0.02%. There were no online games among the Top 10 phishing targets. At the same time banking organizations remained firmly in the sights of the phishers – half of the Top 10 entries were banks.