• Phishing flood continues … be careful …

    We’re continuing to see a high volume of ‘phishing’ email, some of which claims to be from ‘your email provider’ and warns of dire consequences if you don’t follow the link in the message and fill out the form to keep your account active. Don’t fall for these – these messages are designed to ‘get’ you in any of the following ways:


    • By clicking on the link, you confirm that your email address is good, guaranteeing more spam in the future
    • The site that’s linked to (usually disguised so as to look legitimate) is full of malware designed to infect your PC with viruses that log keystrokes, capture passwords, send spam, and make your PC part of the botnet that’s sending these things.
    • Some of the messages include a file attachment that supposedly has your ‘new settings’. This is actually an executable file designed to infect your PC.
    • If you go to the web site you’ll be asked to enter your username and password; if you do that, your username and password will be circulated in the spam world and your account will be compromised.


    Why so many are getting through:

    • These are coming from one or more gigantic botnets and are originating from PCs around the world that have been infected.
      • The volume is extremely high, so that even if a small percentage gets through, many people will get the messages.
    • The messages are originating from many (probably hundreds of thousands of) different IP addresses
    • The From: address and subject vary
    • Most of the examples we’ve seen are customized so that the URL that the link in the message points to is unique.
      • This lets the bad guys know who got the messages even if all the user does is click on the link.
      • This makes each message different so it’s harder for antispam software to pick up the pattern.
    • It’s taking at least a few hours for either Postini’s filters or ours to adapt and recognize new variations, and during that ‘zero hour’ phase thousands get through.
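The last few points explain why signature-style filtering struggles: sender, subject and the link itself all vary, and only the shape of the link stays constant. The script below is an added illustration for this post, not code from the original or from any filter the post mentions. It works on a few constructed sample messages (not real phishing data, and the domains are placeholders) and shows that grouping by From: or subject finds nothing, while reducing each URL to a template (host plus path with the unique token masked) recovers the campaign.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample messages (placeholder domains, not real mail). Each phishing
# message has a different From: address and subject, and the link carries a
# unique per-recipient token; the last message is an unrelated legitimate one.
SAMPLE_MESSAGES = [
    {"from": "support@mail-provider.example", "subject": "Account verification required",
     "body": "Keep your account active: http://mail-provider-update.example/verify/a1b2c3d4e5"},
    {"from": "admin@provider-notice.example", "subject": "Important notice",
     "body": "Confirm now http://mail-provider-update.example/verify/f6e7d8c9b0 or lose access"},
    {"from": "helpdesk@mail-provider.example", "subject": "Your mailbox will be closed",
     "body": "Visit http://mail-provider-update.example/verify/0192837465 today"},
    {"from": "newsletter@legit-news.example", "subject": "Weekly digest",
     "body": "Read this week's stories at https://legit-news.example/issues/2009-10-19"},
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# A path segment that looks like a generated identifier: a long hex run or a
# long alphanumeric run. Dates such as 2009-10-19 do not match.
TOKEN_RE = re.compile(r"[0-9a-f]{8,}|[A-Za-z0-9]{16,}")


def extract_urls(text):
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(text)


def url_template(url):
    """Reduce a URL to host + path with unique-looking tokens masked."""
    parts = urlsplit(url)
    path = TOKEN_RE.sub("{token}", parts.path)
    return f"{parts.netloc}{path}"


def group_by_field(messages, field):
    """Naive grouping by a header field; returns groups with more than one message."""
    groups = defaultdict(list)
    for i, msg in enumerate(messages):
        groups[msg[field]].append(i)
    return {key: idx for key, idx in groups.items() if len(idx) > 1}


def cluster_campaigns(messages, min_messages=3):
    """Group messages whose links share a URL template.

    Returns {template: [message indices]} for templates seen at least
    min_messages times; the per-recipient token no longer hides the pattern.
    """
    groups = defaultdict(list)
    for i, msg in enumerate(messages):
        for url in extract_urls(msg["body"]):
            groups[url_template(url)].append(i)
    return {tmpl: idx for tmpl, idx in groups.items() if len(idx) >= min_messages}


def campaign_summary(messages, indices):
    """How varied the grouped messages are in the fields a simple filter would key on."""
    return {
        "messages": len(indices),
        "distinct_senders": len({messages[i]["from"] for i in indices}),
        "distinct_subjects": len({messages[i]["subject"] for i in indices}),
    }


if __name__ == "__main__":
    print("by From:", group_by_field(SAMPLE_MESSAGES, "from"))        # {}
    print("by subject:", group_by_field(SAMPLE_MESSAGES, "subject"))  # {}
    for template, idx in cluster_campaigns(SAMPLE_MESSAGES).items():
        print(template, campaign_summary(SAMPLE_MESSAGES, idx))
```

Run as a script it prints empty groups for From: and subject, then one campaign template (`mail-provider-update.example/verify/{token}`) covering three messages with three distinct senders and subjects. The same normalisation is a useful triage step when a batch of reported messages arrives: once the template is known, the host can be blocked or flagged without waiting for each variant to be seen.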


    Whoever’s behind this is technically clever, and it would appear that there’s considerable money behind this as well.

    If you get any of these, delete them immediately.

    Monday, October 19th, 2009 at 16:30