Proofpoint: Security, Compliance and the Cloud

June 19, 2009

No Summer Vacation from Spam: Live Email Security Webinar July 15 - and Some New Spam Sightings

Miss-you-Canadian-Pharmacy-Spam Proofpoint's live web seminar series for 2009 continues with "No Summer Vacation from Spam," being held on Wednesday, July 15th 2009 at 11:00 a.m. Pacific/2:00 p.m. Eastern time. You can register here:

No Summer Vacation from Spam - Live Proofpoint Webinar

Proofpoint spam expert Nithin Rao will discuss the latest trends in spam volume, spam composition, spam techniques, emerging malware, blended threats and much more.

BofA-Phish-Example-061909And, as if to reinforce the truth of that webinar's title, I see that some of my personal email accounts (which I use as sort of minispam traps -- they don't have spam protection in front of them so I see interesting new spams) have a lot of pretty clever spam and phish in them today.

The top image at left (click it to see full-size example) is a variation on image-based spam from our old friends at "Canadian Pharmacy." The payload is in an image, but there's some legitimate looking hashbusting text in the footer. This is the sort of message that will fool less sophisticated anti-spam solutions.

Interestingly, the click-through URLs for this seem to route to a Yahoo Groups address - which likely redirects to their online store site. Do I need to tell you that it's a bad idea to actually shop there?

The subject line in that one cracks me up... Aw shucks, I've missed you, too, Canadian Pharmacy...

The second example is a pretty convincing looking phishing attack that spoofs Bank of America. We've seen a lot of these in spam traps today and there seem to be similar attacks spoofing Chase, SunTrust and others being widely spammed. (Click the image for a full-sized version.)

In this phishing attack, recipients are being asked to, yes, update their personal information in a "new version of Bank of America Customer Form." The form URL itself is not linked to an actual Bank of America URL, of course, but instead directs to a spoofed site hosted with domain name hflij1.net.

As I've said time and time again in this and other forums: Don't click these kinds of links. If you get a message like this and it inspires you to update your information at your bank or other online service, type the address directly into your browser rather than following a link.

Posted by Keith R. Crosley at 2:28 PM
Anti-spam

Technorati Tags: , , , , , , , , , , , ,

Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a010535f33a5b970c0115703b1281970c

Listed below are links to weblogs that reference No Summer Vacation from Spam: Live Email Security Webinar July 15 - and Some New Spam Sightings:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Archives

Blog Search

Email Security Gateways, 2011

Magic Quadrant

Recent Posts

Blogroll

Tweets

Follow us @Proofpoint_Inc »

What people are saying right now about us.

©2012 Proofpoint, Inc.
threat protection: Proofpoint Enterprise Protection compliance: Proofpoint Enterprise Privacy governance: Proofpoint Enterprise Archive secure communication: Proofpoint Encryption