{"id":15114,"date":"2015-11-16T16:54:56","date_gmt":"2015-11-16T16:54:56","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4805"},"modified":"2018-09-18T15:27:55","modified_gmt":"2018-09-18T13:27:55","slug":"spam-and-phishing-in-q3-dirty-summer-tricks","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/spam-and-phishing-in-q3-dirty-summer-tricks\/15114\/","title":{"rendered":"Spam and Phishing in Q3: Dirty Summer Tricks"},"content":{"rendered":"<p>What\u2019s it like to work with spam? No, not spamming out everything you\u2019ve got, but vice versa. What\u2019s it like to find ways of not letting spam through?<\/p>\n<p>Academically, it must be quite an exciting study, possibly not unlike entomology (although actual spam analysts may disagree with such a comparison). Why would businesses care about the spam and its trends? On the surface, it\u2019s about knowing the spammers\u2019 tricks, those who do their best to attract undeserved attention to the advertised offers. On the darker side, spam is also used to spread malware and phishing letters. So, knowing spam is knowing thine enemy. Sort of.<\/p>\n<p>We have a Q3 spam report by Kaspersky Lab. So let\u2019s take a look.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Spam and Phishing in Q3: Dirty Summer Tricks #spam #q3<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FwU4Z&amp;text=Spam+and+Phishing+in+Q3%3A+Dirty+Summer+Tricks+%23spam+%23q3\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p><strong>Summer moved on<\/strong><\/p>\n<p>The first highlight is that spam levels have moved upwards. Very slightly, though, just 0.8% up from the average percentage of the previous quarter (currently it\u2019s 54.2% in the overall email traffic). It was predictable, as vacation season effectively ends in Q3, and spammers tend to leverage this.<\/p>\n<p>This was actually observed: Exploiting the summer holiday season, fake notifications from booking services, airlines, and hotels were used to spread malicious programs such as Trojan-Downloader.JS.Agent.hhy, disguised as a flight e-ticket or hotel reservation.<\/p>\n<p>Another type of spam email offered a selection of brides (mainly from Russia and Ukraine) to foreign suitors. After replying, targets were sent further spam emails as some \u201cbrides\u201d asked for money to visit their \u201csuitors\u201d.<\/p>\n<p>There was also \u201cthe sheer variety\u201d of dating-themed spam in Q3 \u2013 all kinds of dating\/marriage\/adult sites were spamvertised, as well as a (sort of) new type of spam, blatantly fraudulent. A mass mailing was observed that prompted recipients to send a text message to a specific telephone number \u2013 in return a girl promised to send intimate photos of herself. A little bit of checking showed that this was a robot doling out a mobile malware on the other end.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Dating fraud and new tricks with PDF full of malice: #spam in Q3<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FwU4Z&amp;text=Dating+fraud+and+new+tricks+with+PDF+full+of+malice%3A+%23spam+in+Q3\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p><strong>Newer tricks<\/strong><\/p>\n<p>In Q3, cybercriminals came up with a new way of distributing phishing emails and bypassing spam filters. The text of the phishing email and the fake link were included in a PDF document attached to the email.\u00a0After clicking the link, a standard phishing web site opened and the user was asked to enter his personal information.<\/p>\n<p>The majority of emails utilizing the new technique imitated bank notifications. The body of these messages usually contained a short text describing the problem; sometimes there was no text at all.<\/p>\n<p>The spammers used well-known phrases and tricks in the text of the emails: notifications about an account being blocked, the need to pass a verification procedure, security issues, an investigation into phishing incidents, etc. As usual, the fraudulent links were masked by legitimate links and text fragments.<\/p>\n<p>https:\/\/securelist.com\/files\/2015\/11\/q3_2015_spam_eng_9-1024\u00d7532.png<\/p>\n<p>Another trick was sending spam imitating a non-delivery auto-reply sent by an email server, which contained a malicious ZIP archive with Trojan-Downloader.JS.Agent.hhi. This in turn downloaded Backdoor.Win32.Androm.<\/p>\n<p><strong>Rise of the Phishers<\/strong><\/p>\n<p>Phishing activity keeps going up: according to Kaspersky Lab stats, in Q3 2015, the Anti-Phishing system was triggered 36,300,537 times on computers of Kaspersky Lab users, which is 6 million times more than the previous quarter.<\/p>\n<p>\u2018Global internet portals\u2019 (30.93%) topped the rating of organizations attacked by phishers although its share decreased by 11.42 p.p. from the previous quarter. Yahoo, Vkontakte, and Facebook appear to be the most targeted.<\/p>\n<p>The share of \u2018Social networking sites\u2019 (21.44%) increased by 6.69 p.p. In third place came \u2018Banks\u2019 with 18.07% (+4.65 p.p.). The \u2018Online games\u2019 category also increased by half and accounted for 4.02%. Games draw an increasing interest from the criminals, as there are a lot of end-users\u2019 money involved.<\/p>\n<p>Full text of the latest Q3 report on spam and phishing is available <a href=\"https:\/\/securelist.com\/analysis\/quarterly-spam-reports\/72724\/spam-and-phishing-in-q3-2015\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are some interesting findings in our Q3 spam report. <\/p>\n","protected":false},"author":209,"featured_media":15532,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[76,2234,240],"class_list":{"0":"post-15114","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-phishing","10":"tag-q3","11":"tag-spam"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/spam-and-phishing-in-q3-dirty-summer-tricks\/15114\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/spam-and-phishing-in-q3-dirty-summer-tricks\/15114\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/spam-and-phishing-in-q3-dirty-summer-tricks\/15114\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15114","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=15114"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15114\/revisions"}],"predecessor-version":[{"id":21186,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15114\/revisions\/21186"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/15532"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=15114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=15114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=15114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}