Kaspersky researchers have identified a growth in the usage of cunning spam and phishing delivery technique. Malicious internet users are increasingly exploiting registration, subscription, and feedback forms on websites to insert spam content or phishing links into confirmation emails from respected and trustworthy companies on a global scale.

 

Malicious users are constantly looking for new methods to deliver their spam and phishing messages to recipients, while bypassing existing content filters. Ideally, they try to make letters come from a legitimate source with a good reputation so that users cannot ignore the unwanted email. This also creates a challenge for companies as this unwanted spam or even malicious content, seemingly sent on their behalf, could compromise their customers’ trust or even lead to personal data leaks.

 

The method is quite simple and effective. Today, almost every company is interested in receiving feedback from their clients to improve the quality of service, customer retention, and reputation. To do this, companies ask customers to register a personal account, subscribe to newsletters or communicate with feedback forms on the website, for example, to ask questions or leave suggestions. These are exactly the mechanisms that attackers are exploiting.

 

All three mechanisms require the customers’ name and email address, so they can receive a confirmation email or feedback. According to Kaspersky researchers, scammers are adding spam content and phishing links into this mail. They simply add the victim’s email address into the registration or subscription form and type their message instead of the name. The website will then send a modified confirmation letter to that address, containing an advertisement or phishing link at the beginning of the text instead of the recipient’s name.

 

“Most of these modified letters are linked to online surveys designed to obtain personal data from visitors. Notifications from a reliable source usually pass through content filters with ease, as they are official messages from a reputable company. This is why this new method of unwanted, yet seemingly innocent, spam emailing is so effective and worrying,” notes Maria Vergelis, security expert at Kaspersky.


 

To keep companies from possible reputational losses, we advise:

  • To check how the feedback forms work on your website
  • To embed several verification rules that would cause an error when trying to register a name with inappropriate symbols
  • To conduct a vulnerability assessment of the website, if possible.

 

Read the full text of the report on Kaspersky Daily.


RECOMMENDED ARTICLE FOR TECHWORLD


 
Next Generation of Kaspersky Private Security Network: Extensive Threat Intelligence within the Network Walls
Techworld Date Posted: 12 September 2017 1:24 PM | 508 Views
Kaspersky Lab is introducing its next generation of Kaspersky Private Security Network, a private version of Kaspersky Security Network that allows enterprises to boost their detection speed with access to real-time global threat intelligence.... See More
 
Next Generation of Kaspersky Private Security Network: Extensive Threat Intelligence within the Network Walls
Techworld Date Posted: 1:24 PM | 508 Views
Kaspersky Lab is introducing its next generation of Kaspersky Private Security Network, a private version of Kaspersky Security Network that allows enterprises to boost their detection speed with access to real-time global threat intelligence...See More

 
10 Years in the Making: NVIDIA® Brings Real-Time Ray Tracing to Gamers with GeForce® RTX™
Techworld Date Posted: 22 August 2018 2:04 PM | 147 Views
NVIDIA® has unveiled the GeForce® RTX™ series, the first gaming GPUs based on the new NVIDIA® Turing™ architecture and the NVIDIA® RTX™ platform, which fuses next-generation shaders with real-time ray tracing and all-new AI.... See More
 
10 Years in the Making: NVIDIA® Brings Real-Time Ray Tracing to Gamers with GeForce® RTX™
Techworld Date Posted: 2:04 PM | 147 Views
NVIDIA® has unveiled the GeForce® RTX™ series, the first gaming GPUs based on the new NVIDIA® Turing™ architecture and the NVIDIA® RTX™ platform, which fuses next-generation shaders with real-time ray tracing and all-new AI...See More

 
It’s Raining Pies! Nokia 6.1 Plus and Nokia 6.1 Upgrade to Android™ 9 Pie
Techworld Date Posted: 12 November 2018 4:22 PM | 421 Views
Packed with Google’s newest software and building on the features of Android™ 8.0 Oreo™, Android™ 9 Pie features artificial intelligence and machine learning to give owners a more customized and tailored experience.. See More
 
It’s Raining Pies! Nokia 6.1 Plus and Nokia 6.1 Upgrade to Android™ 9 Pie
Techworld Date Posted: 4:22 PM | 421 Views
Packed with Google’s newest software and building on the features of Android™ 8.0 Oreo™, Android™ 9 Pie features artificial intelligence and machine learning to give owners a more customized and tailored experience.See More

 
HyperX Brings Alloy FPS RGB and Cloud Earbuds to PC and Nintendo Switch Gamers
Techworld Date Posted: 29 October 2018 5:13 PM | 265 Views
HyperX®, the gaming division of Kingston Technology, has announced the Alloy FPS RGB Mechanical Gaming Keyboard and the Cloud Earbuds are both available in Malaysia.. See More
 
HyperX Brings Alloy FPS RGB and Cloud Earbuds to PC and Nintendo Switch Gamers
Techworld Date Posted: 5:13 PM | 265 Views
HyperX®, the gaming division of Kingston Technology, has announced the Alloy FPS RGB Mechanical Gaming Keyboard and the Cloud Earbuds are both available in Malaysia.See More

 
Lenovo Talks Digital Transformation Success for Public, Private Orgs
Techworld Date Posted: 11 June 2019 9:54 AM | 122 Views
With digital transformation a priority for both public and private organizations to improve operations, leading technology company Lenovo is urging leaders to focus on the three core aspects of workspace, workculture, and workforce for.... See More
 
Lenovo Talks Digital Transformation Success for Public, Private Orgs
Techworld Date Posted: 9:54 AM | 122 Views
With digital transformation a priority for both public and private organizations to improve operations, leading technology company Lenovo is urging leaders to focus on the three core aspects of workspace, workculture, and workforce for...See More

 
Kingston Encrypted USB Drives Are Key Components of Impending GDPR Compliance
Techworld Date Posted: 22 May 2018 10:29 AM | 753 Views
Kingston, a world leader in memory products and technology solutions, has been at the forefront of how the new General Data Protection Regulation (GDPR) cybersecurity regulations effective this month will affect anyone who processes.... See More
 
Kingston Encrypted USB Drives Are Key Components of Impending GDPR Compliance
Techworld Date Posted: 10:29 AM | 753 Views
Kingston, a world leader in memory products and technology solutions, has been at the forefront of how the new General Data Protection Regulation (GDPR) cybersecurity regulations effective this month will affect anyone who processes...See More

PCBG  Writing Staff
Don’t Shoot Me, Shoot the Evil Twin!
Techworld • By: PCBG  Writing Staff | Date Posted: 21 March 2018 2:52 PM | 117 Views
The number of cybercriminals is increasing. Today, we have all sorts of news going on about cyberattacks on businesses and individuals, all having different motives, from political activism, to monetary gain, to downright sociopathic.... See More
PCBG  Writing Staff
Don’t Shoot Me, Shoot the Evil Twin!
Techworld • By: PCBG  Writing Staff | Date Posted: 2:52 PM | 117 Views
The number of cybercriminals is increasing. Today, we have all sorts of news going on about cyberattacks on businesses and individuals, all having different motives, from political activism, to monetary gain, to downright sociopathic...See More

 
MSI-ECS Offers New Training Courses to Expand ICT Learning Platform
Techworld Date Posted: 8 January 2019 1:43 PM | 134 Views
As more local enterprises develop a growing appetite for digital technologies, country’s largest distributor MSI-ECS Philippines Inc., hopes to complement this growth by expanding its education platform. See More
 
MSI-ECS Offers New Training Courses to Expand ICT Learning Platform
Techworld Date Posted: 1:43 PM | 134 Views
As more local enterprises develop a growing appetite for digital technologies, country’s largest distributor MSI-ECS Philippines Inc., hopes to complement this growth by expanding its education platformSee More

 
Star Wars™: Jedi Challenges, A New Smartphone-Powered Augmented Reality Experience Is Now in the Philippines
Techworld Date Posted: 8 November 2017 5:23 PM | 99 Views
Lenovo (HKSE: 992) (ADR: LNVGY) and Disney today unveiled Star Wars: Jedi Challenges, a new augmented reality Star Wars product that allows fans to experience Star Wars in ways never before possible. See More
 
Star Wars™: Jedi Challenges, A New Smartphone-Powered Augmented Reality Experience Is Now in the Philippines
Techworld Date Posted: 5:23 PM | 99 Views
Lenovo (HKSE: 992) (ADR: LNVGY) and Disney today unveiled Star Wars: Jedi Challenges, a new augmented reality Star Wars product that allows fans to experience Star Wars in ways never before possibleSee More

 
Stand-Out Customized Labels Make the Difference
Techworld Date Posted: 29 July 2019 10:00 AM | 214 Views
Stand-Out Customized Labels Make the Difference. See More
 
Stand-Out Customized Labels Make the Difference
Techworld Date Posted: 10:00 AM | 214 Views
Stand-Out Customized Labels Make the DifferenceSee More


Power by

Download Free AZ | Free Wordpress Themes