It’s no secret that big brands have become targets for cyber-criminals in attempts to steal email users personal and financial information. As we have documented many times in our blog, the spoofed emails and their corresponding websites are designed in such a way that they look like the brands that people are using on a regular basis.
A recent study found that cyber-criminals are creating upwards of 57,000 fake websites every week, or nearly 3 million per year. The same study reported that eBay, Western Union and Visa are the brands that are the most frequently targeted. In fact, spoofed eBay web sites made up more than 23 percent of the fake web sites that were tracked, while Western Union made up more than 21 percent. With their focus on banks and companies that process financial information, scammers are set on capturing banking and social security information.
With the level of design and sophistication being used by spammers, as well as the volume of emails and web sites, it’s no wonder that a majority of people have become victim to some sort of cyber attack. Unfortunately, many security systems simply can’t handle the level of sophistication, which ultimately allows the messages to get to users’ email boxes, leaving the final decision on whether to click through or not in the hands of the individual. And as we have learned many times over, the weakest link in email and network security is people.
In 2009, to combat this growing trend of spoofing popular brands via email and online, we developed our SpamTrigger technology, which can instantly detect and block new email campaigns linked to newly created domains. You can view exactly how many campaigns SpamTrigger detects each day on our online Threat Center. For the first two weeks of September 2010, SpamTrigger detected 1,727 new campaigns.
Earlier this year, we documented a spoofed eBay Security Alert that warned users of the need to install an eBay Security Shield. The site turned out to be a compromised eBay account with a download button that when executed installed a Trojan virus. Once the virus was installed, users were directed to log into their eBay accounts, which then sent their eBay log-in credentials to the scammers and provided access to whatever personal and financial information was stored on the eBay accounts. SpamTrigger quickly identified this campaign, and within four minutes of detection, we had launched a filtering rule to permanently stop it.
SpamTrigger’s built-in campaign monitoring techniques quickly identify new spam and phishing campaigns before they penetrate users’ networks. Suspicious campaigns are put on probation until a filter rule can be written to capture messages from the campaign. During the probationary period, messages referring to the suspicious campaign are quarantined. In effect, Spam Trigger is blocking the emails that link to the fake web sites and protecting users from even having to make the decision whether to click through or not.
Recently, Red Condor was acquired by St. Bernard Software, which offers the iPrism web filtering technology. iPrism protects organizations from Internet-based threats and inappropriate content at the perimeter. Armed with our lists of virus campaigns and web sites, iPrism is also able to block access to these fake sites.
Multi-layered defenses such as those offered by Red Condor’s SpamTrigger and St. Bernard’s Web filtering solutions help to reduce the likelihood that companies will have to rely on their employees as their last lines of defense.