The biggest threat is posed by widespread emails claiming to include a greeting card attachment from friends, co-workers or family members, but unsuspecting clickers are instead diverted to a malicious webpage that attempts to exploit a vulnerability and upload malware, according to a FBI statement issued Tuesday.
Menashe Eliezer, who heads the detection center at anti-virus and anti-spam firm Commtouch, told SCMagazine.com web-borne threats are getting more sophisticated.
Two other scams claim to be coming from the FBI or a US military official. In the FBI example, the spammers offer lottery endorsements or inheritance money in exchange for a modest up-front payment, the warning said.
Emails said to be coming from military leaders allegedly attempt to dupe recipients out of funds that will be used to benefit soldiers stationed overseas.
Spammers use legitimate-looking content, such as pictures and letterheads, to make the emails look like the real thing, the warning said.
"It’s an illegitimate form of marketing, but [spammers] have to deal with the same issues [as real marketers] in terms of getting people to answer their call to action," Rebecca Herson, Commtouch’s senior director of marketing, told SCMagazine.com . "They’re trying to improve the look and feel of their campaigns the same way legitimate marketers are."
The FBI recommends users delete the "hoax" emails.
"Consumers need to be wary of unsolicited emails that request them to take any action, even if that means just clicking on an attachment," the warning said, adding that clicking could allow viruses or keyloggers to be installed on users’ machines.
Zulfikar Ramzan, senior principal researcher at Symantec, told SCMagazine.com that users should maintain an updated internet security solution, keep patches up to date and avoid following unknown links.
"These spam scams are particularly dangerous as many consumers consider communication from government agencies as credible," he said.
The FBI’s announcement was prompted by a high number of complaints lodged with the Internet Crime Complaint Center.
FBI warns of three spam hoaxes
By Dan Kaplan on Jul 19, 2007 10:07AM