Kaspersky researchers have identified a growth in the usage of cunning spam and phishing delivery technique. Malicious internet users are increasingly exploiting registration, subscription, and feedback forms on websites to insert spam content or phishing links into confirmation emails from respected and trustworthy companies on a global scale.

 

Malicious users are constantly looking for new methods to deliver their spam and phishing messages to recipients, while bypassing existing content filters. Ideally, they try to make letters come from a legitimate source with a good reputation so that users cannot ignore the unwanted email. This also creates a challenge for companies as this unwanted spam or even malicious content, seemingly sent on their behalf, could compromise their customers’ trust or even lead to personal data leaks.

 

The method is quite simple and effective. Today, almost every company is interested in receiving feedback from their clients to improve the quality of service, customer retention, and reputation. To do this, companies ask customers to register a personal account, subscribe to newsletters or communicate with feedback forms on the website, for example, to ask questions or leave suggestions. These are exactly the mechanisms that attackers are exploiting.

 

All three mechanisms require the customers’ name and email address, so they can receive a confirmation email or feedback. According to Kaspersky researchers, scammers are adding spam content and phishing links into this mail. They simply add the victim’s email address into the registration or subscription form and type their message instead of the name. The website will then send a modified confirmation letter to that address, containing an advertisement or phishing link at the beginning of the text instead of the recipient’s name.

 

“Most of these modified letters are linked to online surveys designed to obtain personal data from visitors. Notifications from a reliable source usually pass through content filters with ease, as they are official messages from a reputable company. This is why this new method of unwanted, yet seemingly innocent, spam emailing is so effective and worrying,” notes Maria Vergelis, security expert at Kaspersky.


 

To keep companies from possible reputational losses, we advise:

  • To check how the feedback forms work on your website
  • To embed several verification rules that would cause an error when trying to register a name with inappropriate symbols
  • To conduct a vulnerability assessment of the website, if possible.

 

Read the full text of the report on Kaspersky Daily.


RECOMMENDED ARTICLE FOR TECHWORLD


 
Protect Scattered Data in Physical, Virtual, and Cloud Workloads with the Active Backup Suite
Techworld Date Posted: 29 June 2018 4:21 PM | 390 Views
Synology today announced the official release of two major backup applications in Active Backup suite of packages, the official version of Active Backup for Office 365 that supports SaaS cloud backup, and the beta.... See More
 
Protect Scattered Data in Physical, Virtual, and Cloud Workloads with the Active Backup Suite
Techworld Date Posted: 4:21 PM | 390 Views
Synology today announced the official release of two major backup applications in Active Backup suite of packages, the official version of Active Backup for Office 365 that supports SaaS cloud backup, and the beta...See More

 
Transcend Provides a Full Range of Solutions for Upgrading Mac Computers
Techworld Date Posted: 29 November 2017 4:36 PM | 357 Views
Transcend Information, a worldwide leader in storage and multimedia products, is proud to a full range of Apple solutions for upgrading Mac computers.. See More
 
Transcend Provides a Full Range of Solutions for Upgrading Mac Computers
Techworld Date Posted: 4:36 PM | 357 Views
Transcend Information, a worldwide leader in storage and multimedia products, is proud to a full range of Apple solutions for upgrading Mac computers.See More

 
Hidden Miners on Google Play
Techworld Date Posted: 11 April 2018 4:48 PM | 53 Views
  Kaspersky Lab’s researchers have discovered that more and more cyber criminals are turning their attention to malicious software that mines cryptocurrencies at the expense of users’ mobile devices. These criminals are getting greedier.... See More
 
Hidden Miners on Google Play
Techworld Date Posted: 4:48 PM | 53 Views
  Kaspersky Lab’s researchers have discovered that more and more cyber criminals are turning their attention to malicious software that mines cryptocurrencies at the expense of users’ mobile devices. These criminals are getting greedier...See More

 
BP Waterworks Inc. Invests in Leading Software to Jump-Start Major ERP Transformation
Techworld Date Posted: 2 August 2019 6:19 PM | 139 Views
BP Waterworks Inc. Invests in Leading Software to Jump-Start Major ERP Transformation . See More
 
BP Waterworks Inc. Invests in Leading Software to Jump-Start Major ERP Transformation
Techworld Date Posted: 6:19 PM | 139 Views
BP Waterworks Inc. Invests in Leading Software to Jump-Start Major ERP Transformation See More

PCBG Contributing Writer
Machine Learning AI vs Employee Vigilance
Techworld • By: PCBG Contributing Writer | Date Posted: 1 August 2017 9:43 AM | 80 Views
Here we are again. Man versus machine. On one corner, we have the machine capable of reading huge amounts of data in so little time, and on the other, an employee who knows nothing.... See More
PCBG Contributing Writer
Machine Learning AI vs Employee Vigilance
Techworld • By: PCBG Contributing Writer | Date Posted: 9:43 AM | 80 Views
Here we are again. Man versus machine. On one corner, we have the machine capable of reading huge amounts of data in so little time, and on the other, an employee who knows nothing...See More

 
Human Error: Leading Cause of Cybersecurity Breaches According to a Study
Techworld Date Posted: 28 May 2018 11:15 AM | 486 Views
A new worldwide study cited by leading DDoS Mitigation service provider IPC (IP Converge Data Services, Inc.) reveal that a lack of skills among employees is a critical barrier holding enterprises back from implementing.... See More
 
Human Error: Leading Cause of Cybersecurity Breaches According to a Study
Techworld Date Posted: 11:15 AM | 486 Views
A new worldwide study cited by leading DDoS Mitigation service provider IPC (IP Converge Data Services, Inc.) reveal that a lack of skills among employees is a critical barrier holding enterprises back from implementing...See More

 
Online Dating: All You Need to Bag Yourself a Business Owner or Some Company Secrets
Techworld Date Posted: 28 November 2017 9:52 AM | 354 Views
The saying goes ‘don’t mix business with pleasure’, but research from Kaspersky Lab reveals business owners and employees could be unwittingly putting their companies at risk,. See More
 
Online Dating: All You Need to Bag Yourself a Business Owner or Some Company Secrets
Techworld Date Posted: 9:52 AM | 354 Views
The saying goes ‘don’t mix business with pleasure’, but research from Kaspersky Lab reveals business owners and employees could be unwittingly putting their companies at risk,See More

 
IDC Philippines Reveals Strategies Needed to Become Digitally Determined Enterprise at CIO Summit 2019
Techworld Date Posted: 24 April 2019 4:32 PM | 60 Views
IDC hosted its annual CIO Summit at the Shangri-La at the Fort, Manila exploring practical strategies to move businesses through their digital transformation (DX) journey. This year's CIO Summit, themed “The Digital Determination Playbook,”.... See More
 
IDC Philippines Reveals Strategies Needed to Become Digitally Determined Enterprise at CIO Summit 2019
Techworld Date Posted: 4:32 PM | 60 Views
IDC hosted its annual CIO Summit at the Shangri-La at the Fort, Manila exploring practical strategies to move businesses through their digital transformation (DX) journey. This year's CIO Summit, themed “The Digital Determination Playbook,”...See More

 
Epson Wins Good Design Awards for Projectors, Printers, and Scanner
Techworld Date Posted: 7 December 2018 4:35 PM | 231 Views
Seiko Epson Corporation (TSE: 6724, "Epson") has won a 2018 Good Design Award for a total of eight designs, including three for projectors, four for printers, and one for a scanner.. See More
 
Epson Wins Good Design Awards for Projectors, Printers, and Scanner
Techworld Date Posted: 4:35 PM | 231 Views
Seiko Epson Corporation (TSE: 6724, "Epson") has won a 2018 Good Design Award for a total of eight designs, including three for projectors, four for printers, and one for a scanner.See More

 
Data for Nothing: Fraudsters Use Fake Gift Cards to Lure Consumers into Handing Over Personal Data
Techworld Date Posted: 23 July 2018 2:37 PM | 571 Views
Kaspersky Lab experts have discovered the distribution of an unusual fraudulent scheme that tricks users into parting with their time and their data, for no return.. See More
 
Data for Nothing: Fraudsters Use Fake Gift Cards to Lure Consumers into Handing Over Personal Data
Techworld Date Posted: 2:37 PM | 571 Views
Kaspersky Lab experts have discovered the distribution of an unusual fraudulent scheme that tricks users into parting with their time and their data, for no return.See More


Power by

Download Free AZ | Free Wordpress Themes