Kaspersky researchers have identified a growth in the usage of cunning spam and phishing delivery technique. Malicious internet users are increasingly exploiting registration, subscription, and feedback forms on websites to insert spam content or phishing links into confirmation emails from respected and trustworthy companies on a global scale.

 

Malicious users are constantly looking for new methods to deliver their spam and phishing messages to recipients, while bypassing existing content filters. Ideally, they try to make letters come from a legitimate source with a good reputation so that users cannot ignore the unwanted email. This also creates a challenge for companies as this unwanted spam or even malicious content, seemingly sent on their behalf, could compromise their customers’ trust or even lead to personal data leaks.

 

The method is quite simple and effective. Today, almost every company is interested in receiving feedback from their clients to improve the quality of service, customer retention, and reputation. To do this, companies ask customers to register a personal account, subscribe to newsletters or communicate with feedback forms on the website, for example, to ask questions or leave suggestions. These are exactly the mechanisms that attackers are exploiting.

 

All three mechanisms require the customers’ name and email address, so they can receive a confirmation email or feedback. According to Kaspersky researchers, scammers are adding spam content and phishing links into this mail. They simply add the victim’s email address into the registration or subscription form and type their message instead of the name. The website will then send a modified confirmation letter to that address, containing an advertisement or phishing link at the beginning of the text instead of the recipient’s name.

 

“Most of these modified letters are linked to online surveys designed to obtain personal data from visitors. Notifications from a reliable source usually pass through content filters with ease, as they are official messages from a reputable company. This is why this new method of unwanted, yet seemingly innocent, spam emailing is so effective and worrying,” notes Maria Vergelis, security expert at Kaspersky.


 

To keep companies from possible reputational losses, we advise:

  • To check how the feedback forms work on your website
  • To embed several verification rules that would cause an error when trying to register a name with inappropriate symbols
  • To conduct a vulnerability assessment of the website, if possible.

 

Read the full text of the report on Kaspersky Daily.


RECOMMENDED ARTICLE FOR TECHWORLD


 
Kaspersky APAC Managing Director Wins Executive of the Year Award Three Years in a Row
Techworld Date Posted: 4 December 2019 9:20 AM | 251 Views
Kaspersky APAC Managing Director Wins Executive of the Year Award Three Years in a Row. See More
 
Kaspersky APAC Managing Director Wins Executive of the Year Award Three Years in a Row
Techworld Date Posted: 9:20 AM | 251 Views
Kaspersky APAC Managing Director Wins Executive of the Year Award Three Years in a RowSee More

 
PowerGhost: New Fileless Crypto-Miner Targets Corporate Networks across the World
Techworld Date Posted: 8 August 2018 4:58 PM | 762 Views
Kaspersky Lab researchers have found a new crypto-currency miner – PowerGhost – which has hit corporate networks in several regions, mostly in Latin America.. See More
 
PowerGhost: New Fileless Crypto-Miner Targets Corporate Networks across the World
Techworld Date Posted: 4:58 PM | 762 Views
Kaspersky Lab researchers have found a new crypto-currency miner – PowerGhost – which has hit corporate networks in several regions, mostly in Latin America.See More

 
Realme 3 Marks PH Entry with Shopee Promo
Techworld Date Posted: 23 March 2019 10:14 AM | 473 Views
Budget smartphone disruptor realme 3 is finally here in the Philippines, ready to let Filipinos #DiscoverRealValue. To celebrate the arrival of the smartphone in the country, realme Philippines joins Shopee’s March 25 Flash Sale.... See More
 
Realme 3 Marks PH Entry with Shopee Promo
Techworld Date Posted: 10:14 AM | 473 Views
Budget smartphone disruptor realme 3 is finally here in the Philippines, ready to let Filipinos #DiscoverRealValue. To celebrate the arrival of the smartphone in the country, realme Philippines joins Shopee’s March 25 Flash Sale...See More

 
Realme Philippines Shakes Up PH Entry-Level Segment with realme C2
Techworld Date Posted: 1 June 2019 11:23 AM | 487 Views
Realme Philippines once again claims the entry-level throne with its newest budget smartphone royalty, the realme C2. With its sleek and chic build, higher-tier performance and long-lasting battery, the latest budget segment disruptor is.... See More
 
Realme Philippines Shakes Up PH Entry-Level Segment with realme C2
Techworld Date Posted: 11:23 AM | 487 Views
Realme Philippines once again claims the entry-level throne with its newest budget smartphone royalty, the realme C2. With its sleek and chic build, higher-tier performance and long-lasting battery, the latest budget segment disruptor is...See More

 
ADATA P10050C Power Bank Wins Golden Pin Design Award 2018
Techworld Date Posted: 20 October 2018 9:16 AM | 195 Views
ADATA Technology, a leading manufacturer of high-performance DRAM modules and NAND Flash products, is proud to announce that its P10050C power bank has won the Golden Pin Design Award 2018. This win for the.... See More
 
ADATA P10050C Power Bank Wins Golden Pin Design Award 2018
Techworld Date Posted: 9:16 AM | 195 Views
ADATA Technology, a leading manufacturer of high-performance DRAM modules and NAND Flash products, is proud to announce that its P10050C power bank has won the Golden Pin Design Award 2018. This win for the...See More

 
The Shifting AI-Driven Threat Landscape
Techworld Date Posted: 18 February 2019 1:05 PM | 433 Views
As the modern threat landscape continues to expand, adding artificial intelligence (AI) to a security strategy has become paramount to establishing and maintaining an effective security posture.. See More
 
The Shifting AI-Driven Threat Landscape
Techworld Date Posted: 1:05 PM | 433 Views
As the modern threat landscape continues to expand, adding artificial intelligence (AI) to a security strategy has become paramount to establishing and maintaining an effective security posture.See More

 
Lenovo SM Megamall Concept Store Gets a Sleek Modern Revamp
Techworld Date Posted: 1 August 2019 2:00 PM | 231 Views
Lenovo SM Megamall Concept Store Gets a Sleek Modern Revamp. See More
 
Lenovo SM Megamall Concept Store Gets a Sleek Modern Revamp
Techworld Date Posted: 2:00 PM | 231 Views
Lenovo SM Megamall Concept Store Gets a Sleek Modern RevampSee More

 
Four Skills CISOs Should Develop to Succeed in 2019
Techworld Date Posted: 15 March 2019 3:01 PM | 195 Views
As cyber-risks became a business issue, the role of the CISO in an organization has changed. The modern CISO is not just a head of department, responsible for implementation and management of security controls. See More
 
Four Skills CISOs Should Develop to Succeed in 2019
Techworld Date Posted: 3:01 PM | 195 Views
As cyber-risks became a business issue, the role of the CISO in an organization has changed. The modern CISO is not just a head of department, responsible for implementation and management of security controlsSee More

 
CYBER HYGIENE 101: Kaspersky Lab Underscores Securing Digital Assets Like Physical Valuables
Techworld Date Posted: 5 October 2018 5:23 PM | 535 Views
With the undeniable dependency of humans to their connected devices, amid the steadily increasing number of attacks and the whopping costs of successful data breaches, Kaspersky Lab recently stressed the need for improved cyber.... See More
 
CYBER HYGIENE 101: Kaspersky Lab Underscores Securing Digital Assets Like Physical Valuables
Techworld Date Posted: 5:23 PM | 535 Views
With the undeniable dependency of humans to their connected devices, amid the steadily increasing number of attacks and the whopping costs of successful data breaches, Kaspersky Lab recently stressed the need for improved cyber...See More

 
Maynilad Water Services named Philippines’ “Digital Transformer of the Year” at IDC’s Digital Transformation Awards (Dxa)
Techworld Date Posted: 22 November 2017 5:05 PM | 69 Views
  IDC concluded its 11-month search for the Philippines’ best digital transformation (DX) initiatives, naming Maynilad Water Services Inc. as the 2017 “Digital Transformer of the Year” in the inaugural run of IDC DX.... See More
 
Maynilad Water Services named Philippines’ “Digital Transformer of the Year” at IDC’s Digital Transformation Awards (Dxa)
Techworld Date Posted: 5:05 PM | 69 Views
  IDC concluded its 11-month search for the Philippines’ best digital transformation (DX) initiatives, naming Maynilad Water Services Inc. as the 2017 “Digital Transformer of the Year” in the inaugural run of IDC DX...See More


Power by

Download Free AZ | Free Wordpress Themes