Thanks for signing up, a member of the Global PR team will be in touch with you shortly.
Helsinki, Finland – June 21, 2017: With the decline of exploit kits, spam email has re-emerged as a popular attack vector for spreading malware, frauds and scams. And one trick spammers use to fool recipients is posing as a legitimate company. F-Secure Labs is sharing a list of the top companies email spammers have been spoofing in the first half of 2017.
Populated by giants like Apple, Amazon and Microsoft, the list underscores that the bigger the organization, the more attractive it is to use its brand name as bait in spam.
"There are so many people that have relationships with these companies, it makes these the most successful ones to imitate in spam," says Sean Sullivan, Security Advisor at F-Secure.
If not big tech giants, popular-to-spoof companies fall into certain industries such as online dating (Match.com) and financial (PayPal). Delivery services like USPS and FedEx are high on the list, using package delivery as bait. In Germany, Giropay and Ebay are popular spoofed brands, and in the Nordics, Nordea Bank and Ikea.
"When it comes to spam, social engineering is simpler than in the past," says Sullivan. "E-commerce is now so common it only takes a simple 'Your order cannot be delivered,' nothing else is needed. The amount of spam pushed practically guarantees that numerous recipients will actually be waiting for a delivery. And that serendipity is what short-circuits any amount of awareness training."
Email spoofs may push ransomware as an attachment, or other types of malware such as banking trojans or keyloggers. They may purport to sell legitimate products but actually be aiming to gather up credit card details or other personal information. They may be phishing emails engineered to steal account credentials.
Exploit kits, which lurk on compromised or malicious websites to exploit vulnerabilities found in visitors’ browsers and systems, used to dominate as a vector for malware infections. They have seen declining use as software vulnerabilities get patched more promptly, and as zero day vulnerabilities are rarer than ever. Malicious email volumes have increased as criminals adjust to the market forces.
Sullivan says we don’t see spam slowing down as an attack vector, so he offers these tips to IT admins to prevent infections via spam:
F-Secure makes every digital moment more secure, for everyone. We deliver brilliantly simple, frictionless security experiences that make life easier for the tens of millions of people we protect and our 170 service provider partners. For more than 30 years, we’ve led the cyber security industry, inspired by a pioneering spirit born out of a shared commitment to do better by working together.
Sign up for media information from F-Secure.
Browse through our news by year.
Browse through our news by category.