Panda Security: Spoof Federal Reserve emails: spam that appears to be phishing
November 2008 by Panda Security
In recent weeks, PandaLabs has detected emails in circulation claiming to be from the US "Federal Reserve Bank" (picture at: http://www.flickr.com/photos/panda_security/3024938814/)
These emails warn users that given the vast amount of phishing attacks on US banks, it has been decided to implement a series of restrictions on online banking transactions. There is a link in the message through which users can supposedly access more information. However, users that click the link will find themselves directed to Web pages with adverts for pornography or pharmaceuticals.
"When we first saw these emails, the assumption was that they were phishing messages, as they falsely claimed to have been sent from a bank, the typical ploy used in that type of fraud. However, in this case they are being used as social engineering to lure users into visiting websites offering a range of products", explains Luis Corrons, technical director of PandaLabs.
The aim of these mails is to get as many users as possible to visit these pages, on the assumption that a certain percentage will end up making purchases.
Coincidentally, the University of California has published a report (http://www.techradar.com/news/computing/spammers-get-1-response-to-12-500-000-emails-483381) this week detailing how just one in every 12.5 million mails gets a response. According to Gartner however, the amount of users that fall victim to phishing emails is as high as 3.3 percent.
"In any event, it is concerning to find that even a low percentage of results can return significant profits for cyber-crooks. This is because lists of email addresses are sold at such low prices on the Internet, that spammers can quickly cover their investment", says Corrons.