MORE SOPHISTICATED PHISHING ATTACKS CATCH CONSUMERS
Phishing scams are not new. Everyone with an e-mail account has probably received the email from another country, perhaps even from a fictional prince, offering riches in return for a small investment that will help some mysterious stranger out of terrible trouble. You’ve also probably heard the stories of the well-intentioned e-Samaritans who want to help, only to find themselves conned out of money and good faith.
You might still get that typo-ridden e-mail from abroad, but now you need to look for a new threat that is equally insidious and perhaps even more dangerous.
Recently, one of our researchers received such an email, one that appeared to come from American Airlines.
Since the researcher had no travel plans, we became concerned that this was a phishing attack. We sent the email to a Gmail account, where it was rejected it because Gmail found “a potential security issue”.
We decided to download the attachment and monitor the progress of the download closely. Our anti-virus application immediately caught and removed the Trojan from the system.
When going to the Symantec web site, we found this information on the W97MDownloader Trojan - http://www.symantec.com/security_response/writeup.jsp?docid=2014-110100-2117-99&tabid=2.
This is a type of Word marco Trojan that downloads other malware.
A more technical description of the Trojan is also found on the web page.
The technical details section also has recommendation for mitigation of the Trojan.
Although phishing attacks have been around a long time, newer versions are continually created and sent to users. Following basic security guidelines such as not opening links you do not know or downloading documents or files you are not sure of can save you headaches and time in the future. Also, make sure your operating system is patched and you have the latest updates for your anti-virus programs installed. There are no guarantees you will never get malware, but this will help keep known threats at bay.
Back to original note, American Airlines knows this is a concern and provides opportunities for consumers to take action. If you receive a suspicious email that appears to be from American, you can compare it to other phish emails at www.aa.com/phishing. On American’s website, the airline instructs consumers concerned they have received a phishing email to: “not click on any links, open any attachments, call any phone numbers listed or follow any instructions in the email. Instead, forward a copy of the email, including the header to [email protected] so that we can investigate further."
Furthermore, the blog says: "American Airlines will never ask you to perform security-related changes to your account in this fashion or send emails to collect user names, passwords, email addresses or other personal information. If you receive an email claiming to be from American Airlines, that asks for account information, it should be considered fraudulent and an attempt to obtain personal information that may be used to commit fraud.”
Other companies do provide similar services. Again, go to the website from a browser from a search and NOT from a link provided in the email. If you are concerned about the email itself, then you should be concerned about any link inside the email – even if the address likes right or the graphics look the same as what you see on the site. It isn’t safe.
Below is an abbreviated list of sites where you can get information on internet or email scams.
- FBI Fraud Site– http://www.fbi.gov/scams-safety/fraud/internet_fraud
- Federal Government Fraud Site - http://www.usa.gov/Citizen/Topics/Internet-Fraud.shtml
- Snopes – www.snopes.com