






Today's Wolf of Wall Street: Electronic Teeth and Bigger Appetite

- &$- !! %% * &



Countless individuals around the globe maintain and rely on email, so what better place for
cybercriminals to target?

There are many threat vectors used to generate wealth on the black market. Email-borne
attacks, for example, come in the form of phishing, spear phishing, Trojans, malicious
attachments and hidden scripts. All techniques constantly evolve and quickly adapt to the
changing technological landscape in order to stay ahead of security professionals.

But even with the most sophisticated tools at their disposal, attackers have found success using
age-old tricks.

Earlier this year, we blocked a massive “pump-and-dump” stock spam campaign that attempted
to infiltrate inboxes. If you are unfamiliar with the scam, it goes something like this: scammers
buy shares in a penny stock (usually costing less than $1 per share) and, once they have taken
a position on price, send massive amounts of spam to users around the globe in order
to generate interest in the stock. Believe it or not, there are plenty of unsuspecting people who
are willing to make stock purchases based on a “tip” they receive from a source as suspect as
an unsolicited email. Once real investors buy shares and “pump up” the stock price, scammers
will then “dump” their shares and reap the profits.

This pump-and-dump scheme might sound familiar since it’s nearly indistinguishable from the
plot of Hollywood’s blockbuster movie, “The Wolf of Wall Street.” The only difference here is
that scammers use electronic communication and not cold calling techniques.


Digital Teeth
In April 2014, spammers started using the name Oakmont Stratton in the ‘From’ field of their
correspondence. Did you just catch the striking resemblance to the firm name Stratton
Oakmont, which appears in the recent Scorsese film? We couldn’t help but wonder if those
scammers pulled inspiration from the film and felt compelled to impersonate the name. Either
way, cybercriminals never fall short on creativity when it comes to piquing public interest.

In one campaign, the sender’s address and message details changed several times a day to
avoid detection. (One variation, for instance, referenced “JtMorgan” to mimic the reputable
financial services firm JP Morgan.) The spammers’ stock du jour was pitched for much longer
than average, since they used a remarkable number of variables in the generating algorithm to
create enough unique versions of the message for the campaign to run several days.
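
Because the sender address rotated while the impersonated names stayed recognizable, a filter can key on the display name in the 'From' field rather than the address. The sketch below is an added example, not code from the article or its authors; the watch list, the 0.85 threshold and the sample headers are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed watch list: the two firm names the article mentions.
PROTECTED_NAMES = ["Stratton Oakmont", "JP Morgan"]

def _tokens(name):
    """Lower-cased words of a name, sorted so word order is ignored."""
    return sorted(re.findall(r"[a-z0-9]+", name.lower()))

def _squash(name):
    """Name with case, spaces and punctuation removed."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def lookalike(display_name, threshold=0.85):
    """Return (protected_name, reason) if display_name imitates one, else None."""
    cand_tokens, cand_flat = _tokens(display_name), _squash(display_name)
    if not cand_flat:
        return None
    for brand in PROTECTED_NAMES:
        brand_flat = _squash(brand)
        if cand_flat == brand_flat:
            continue  # exact name is not a lookalike; sender checks are out of scope
        if cand_tokens == _tokens(brand):
            return brand, "reordered words"
        if SequenceMatcher(None, cand_flat, brand_flat).ratio() >= threshold:
            return brand, "near-miss spelling"
    return None

def check_from_header(header_value):
    """Apply the lookalike test to the display name of a From header value."""
    display_name, _address = parseaddr(header_value)
    return lookalike(display_name)

# Constructed sample headers (addresses are placeholders).
SAMPLE_HEADERS = [
    "Oakmont Stratton <tips@example.test>",
    "JtMorgan <alerts@example.test>",
    "JP Morgan <news@example.test>",
    "Alice Example <alice@example.test>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{header!r:45} -> {check_from_header(header)}")
```
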

We quarantined over 400 million of these messages over the course of the campaign, which lasted
10 days.







Cyber Warnings Magazine - September Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide