Semalt Expert Warns Of Spam Striking Germans With Personalized Mails
Germany has been hit by a wave of widespread spam that targets the population with personalized messages. The recipients get email notifications customized with specific personal details: the recipient's full name, telephone number, and mailing address.
Andrew Dyhan, a top specialist from Semalt, explains that these emails claim the recipient's payment for a large bill has failed, and then threaten to refer the matter to a law enforcement or collection agency if the payment is not made within a specified time frame. The business name used in the messages varied slightly among users, but the personal information was similar in all cases, both in the message and in the malicious file.
Messages of this kind look authentic and prompt the target to click on the email notification. Symantec researchers noted that similar attacks were made against targets in the United Kingdom and spread widely in April 2016. When the recipient clicks on the spam message, malware capable of exposing banking information infects the recipient's Windows computer. The spam messages also probe the targets for their personal account information and bank details.
Most of the latest spam messages have been reported to be written in German. Symantec researchers compared these messages with those previously sent to targets in the United Kingdom and found a match. On both occasions, the spam messages had personal information about the target embedded in the middle of the message. The only difference is that the messages sent to targets in the United Kingdom got recipients to click on a link leading to a malicious site, whereas the German emails carried a payload in the form of a .zip attachment. Oddly, the German spam messages had the .zip archive enclosed in another .zip archive.
The payload in the German spam emails uses a '.com' file suffix. The file has been scrubbed of much of the identifying information that would otherwise disclose its origin. The lack of identifying information does not make the file safe; it is modern executable malware. Trojan.Nymaim.B (a sample detected by Symantec researchers) used complex sandbox evasion techniques to prevent it from running on a virtual machine. The malware is designed to covertly steal banking credentials and other personal information when the target logs in.
Spammers use personal information from public platforms and websites to craft spam emails and send them to unsuspecting targets. The increased use of the internet and various technological advancements pose a risk to email recipients, and this type of attack is expected to be on the rise in the future. Symantec advises email users to call the email sender to confirm any such message before acting on it, whether the source is trusted or not. Deleting any suspicious-looking emails is also important, especially if they contain attachments or links. Keeping the computer's security software updated at all times will curb the risk and protect the user against new malware variations. Using email-filtering services to block emails associated with this kind of attack can also keep an email recipient safe.
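As an added example (not from the article or from Symantec), the Python sketch below shows how a mail filter could flag the delivery pattern described above: a .zip archive nested in another .zip that carries a '.com' executable. The extension list, the size and depth limits, and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# File types Windows runs directly; ".com" is the suffix the article reports.
EXECUTABLE_SUFFIXES = (".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs")
MAX_DEPTH = 4                         # assumed limit on archive nesting
MAX_MEMBER_BYTES = 20 * 1024 * 1024   # assumed limit, avoids unpacking zip bombs


def scan_zip(data, depth=0, path=""):
    """Return (member, reason) findings for a zip attachment given as bytes."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path or "<attachment>", "unreadable archive")]
    for info in archive.infolist():
        member = f"{path}/{info.filename}" if path else info.filename
        name = info.filename.lower()
        if info.flag_bits & 0x1:  # bit 0 set means the member is encrypted
            findings.append((member, "encrypted member, cannot inspect"))
        elif name.endswith(EXECUTABLE_SUFFIXES):
            findings.append((member, "executable file type"))
        elif name.endswith(".zip"):
            if depth + 1 >= MAX_DEPTH:
                findings.append((member, "nesting too deep"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((member, "nested archive too large"))
            else:
                findings.append((member, "archive nested in archive"))
                findings += scan_zip(archive.read(info), depth + 1, member)
    return findings


def build_sample():
    """Constructed sample: harmless bytes named like the reported payload."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Rechnung.com", b"not a real executable")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Rechnung.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample()):
        print(f"{member}: {reason}")
```

A filter built this way would quarantine any message whose attachment produces a finding, since the file name alone is enough to flag the payload even when its internal identifying information has been scrubbed.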