Experts from F-Secure, a US-based cyber security firm, have warned online shoppers about spam emails disguised as delivery notifications during the holiday season. They conducted a research into these aspects and spam emails are the most widely used method to spread malware.
The research estimates that 69 per cent of spam campaigns attempted to trick users into visiting malicious URLs and download a malware-laden file or commit another action that results in an infection. Malicious attachments were employed in the remaining 31 per cent of campaigns.
F-Secure Behavioural Science Lead Adam Sheehan said: “The kind of spam that criminals use doesn’t seem so spammy to a lot of people this time of year. More people are just more open to the commercial messages spammers like to spoof, which makes individuals more vulnerable at home and at work. Tests we performed using simulated Black Friday and Cyber Monday phishing emails saw about 39 percent more people click than similar tactics we use at other times during the year, which isn’t a trend we like to see.”
F-Secure Researcher Patricia Revilla-Dacuno warns that trends only tell part of the story.
“It’s true that we see less ransomware as the main payload in these spam emails, but it’s still frequently delivered as a follow-up payload by backdoors or bots. Infection chains are becoming more complicated and the Emotet banking trojan, which is fairly common, has evolved into a credential stealer and downloader, and now used in different ways for a variety of schemes,” said Revilla-Dacuno. “A couple of years ago we could have confidently pointed to ransomware as the big issue, but now there’s more of a variety of threats to watch out for.”