The security experts at Retarus are warning users about a spam wave spreading quickly across email inboxes. The email security provider has recently recorded a sharp rise in the volume of messages proposing that readers buy supposedly promising shares. By means of these investment recommendations, cyber criminals are trying to influence the share price of a particular company’s stock to their own advantage.
In the current wave of attacks, the authors are calling for recipients to buy securities in the company Quest Management. Through this scam the spammers are not only profiting from a short-term rise in the share price based on demand for the stocks, but also stand to benefit from the subsequent crash by holding options. That this logic actually adds up was clearly shown by a similar attempt at fraud in March. The share price of InCaptcha initially sky-rocketed during a four-day spam wave and then plummeted just as fast thereafter. The stocks recommended in these types of spam emails are mostly so-called ‘penny stocks’, which are securities quoted at less than a dollar.
Fraudsters are using a worldwide botnet consisting of 400,000 computers
Retarus’ systems alone filter out around 9.3 million of these types of spam emails on a daily basis. According to analyses done by the security experts, the current attack is being carried out by a botnet which is estimated to have hijacked 400,000 computers to do its dirty work. In the current case the spammers are proceeding extremely insidiously, as the infected systems are not paralysed by distributing huge volumes of messages, as is usually the case. Instead, by limiting the transmission to a maximum of 50 emails per minute, their activities generally remain under the thresholds at which IT administrators would become aware of them.
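The throttling described above defeats a plain per-minute rate alarm, but sustained sending to many unrelated recipient domains still stands out. The following is an added example, not Retarus' detection logic: the log format, host addresses, and every threshold other than the 50-per-minute figure are assumptions, and the events are constructed.

```python
from collections import Counter, defaultdict

BURST_LIMIT = 50            # per-minute ceiling named in the article
# Assumed tuning values, not taken from the article:
WINDOW_MINUTES = 60
MIN_ACTIVE_MINUTES = 45
MIN_DISTINCT_DOMAINS = 100

def build_sample_log():
    """Constructed events: (minute, source_host, recipient_domain)."""
    events = []
    for minute in range(WINDOW_MINUTES):
        # Throttled bot: 40 messages every minute, each to a new domain.
        for i in range(40):
            events.append((minute, "10.0.0.23", f"d{minute * 40 + i}.example"))
        # Ordinary workstation: occasional mail to two partner domains.
        if minute % 10 == 0:
            events.append((minute, "10.0.0.8", "partner.example"))
            events.append((minute, "10.0.0.8", "supplier.example"))
    # Bulk sender: one large burst that a classic rate alarm catches.
    for i in range(500):
        events.append((5, "10.0.0.50", f"list{i % 20}.example"))
    return events

def classify_hosts(events):
    per_minute = defaultdict(Counter)   # host -> minute -> message count
    domains = defaultdict(set)          # host -> distinct recipient domains
    for minute, host, domain in events:
        per_minute[host][minute] += 1
        domains[host].add(domain)
    verdicts = {}
    for host, minutes in per_minute.items():
        peak = max(minutes.values())
        if peak > BURST_LIMIT:
            verdicts[host] = "burst"          # trips the per-minute alarm
        elif (len(minutes) >= MIN_ACTIVE_MINUTES
              and len(domains[host]) >= MIN_DISTINCT_DOMAINS):
            verdicts[host] = "low-and-slow"   # sustained, wide fan-out
        else:
            verdicts[host] = "normal"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(classify_hosts(build_sample_log()).items()):
        print(host, verdict)
```

The two signals that expose the throttled host are the number of active minutes in the window and the count of distinct recipient domains, neither of which a peak-rate threshold measures.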
Spam filters outsmarted by numerous text variations
The spammers also continually adapt and modify the text in the spam messages. The company name, for instance, was written in full in messages at the beginning of the attack, while in more recent versions only the securities identifier ‘QSMG’ is mentioned in a more coded way. The recommendation to buy the stocks is also substantiated in various ways – some emails refer to a forthcoming takeover and others herald an amazing breakthrough in cancer research. These kinds of attacks are therefore difficult for many conventional spam filters to identify in time, as such filters rely solely on searching for specific keywords.
That’s why it is crucial to keep the signatures of the spam and virus filters up to date at all times.
Retarus’ specialists moreover recommend that their customers adopt a basic principle of first shifting all messages with more than 60 percent likelihood of being spam into quarantine.
The human insecurity factor: Heightened vigilance essential
To safeguard themselves from the dangers of such fraud attempts, it is also absolutely essential that users have increased levels of vigilance and check the plausibility of messages more attentively. As with all scams, the ‘human factor’ still remains an important issue with spam fraud. This means that companies need to take steps to sensitise their staff about these kinds of attacks on a regular basis. In the best case, real-world examples should be used to heighten awareness, and transparent, easy-to-follow guidelines should be provided for cases where suspicion arises.