Phishing attacks which use genuine BBC news stories have been detected.
According to research by Panda security, fraudsters are trying to innovate and create more realistic scenarios. One scam detected this week showed a recent story about a lottery winner that was sent around the globe and informed the recipient that they had been “donated” £1.5 million and had to send their name and address for further details.
However a link led to the real BBC website and came from an email address associated with the Canadian telco Rogers.
Luis Corrons, technical director of PandaLabs, told IT Security Guru that this was a classic identity theft attack. “I didn’t bother to write back, but I am pretty sure that if you do it they will try to run the typical Nigerian scam where you finally have to pay some money in order to get the ‘donation’. It was smart the social engineering technique of using that specific piece of news,” he said.
TK Keanini, CTO of Lancope, said: “The threat here continues to evolved and like with music, there is always another song to write so there are an endless amount of possibilities they can compose until we finally solve the authenticity problem once and for all.
“The fundamental behind this category of threat is the lack of authenticity checking both socially and technically. We have technology today whereby we could prove cryptographically that information and links came from a source that is trusted by socially we are not using them. It is the same problem with seat belts in America; they existed for years, research shows they saved lives but until the Click-It-or-Ticket campaign came out, people did not change their behaviour.
“How do you know this webpage or email you are reading right now is from the source it claims to be? If you answer is because the header says so you are these fraudsters target market.”
Keanini said that he was always happy to see these tactics make mainstream news, because “the best countermeasure here is education” and the community will develop a healthy level of paranoia whereby most of these tactics will be just noise.
