Phishing attacks upload malware

  • Los Angeles Times
  • Friday, July 26, 2013 3:27pm
  • Business

At least 2 million people received the email May 16 notifying them that an order they had just made on “Wallmart’s” website was being processed, though none of them had done any such thing.

Still, thousands of people clicked on the link in the email, taking many of them to a harmless Google search results page for “Walmart.” Others weren’t so fortunate. The link led to the invisible download of malware that covertly infected their personal computers, turning them into remotely controlled robots for hackers, according to email security firm Proofpoint Inc.

These sorts of “phishing” attacks are not only becoming more common but also are getting more lethal, with fake emails becoming harder to distinguish from real ones.

In the fake-Wal-Mart attack, people missed clear warning signs — such as the company name being misspelled and the sender’s address being very long and strange. But in another case a month later, an email claiming to be from American Airlines carried no visible hints that it was illegitimate.

The sophisticated attacks are targeting the likes of attorneys, oil executives and managers at military contractors. The phishers are increasingly trying to get proprietary documents and pass codes to access company and government databases.

Nearly every incident of online espionage in 2012 involved some sort of a phishing attack, according to a survey compiled by Verizon Communications Inc., the nation’s largest wireless carrier.

Several recent breaches at financial institutions, media outlets and in the video game industry have started with someone’s log-in information being entered on a false website that was linked to in an email.

When an Associated Press staff member received an email in April that appeared to be from a colleague, the individual didn’t hesitate to click on the link. But that link led to the installation of a “keylogger” that enabled a hacker to monitor keystrokes and see the password for the Associated Press’ Twitter account.

The hacker posted a tweet from the account saying that someone had bombed the White House. As investors reacted to the tweet, the S&P 500 index’s value fell $136 billion. The parody news site the Onion fell prey to a similar, though less costly, attack.

Chandra McMahon, the chief information security officer for military technology giant Lockheed Martin Corp., said phishing attacks aimed at its employees try to replicate emails and websites of industry organizations that its employees visit on a regular basis.

“They are compromised by adversaries because they are the perfect spot to put malware because a lot of the employees from the industry will go there,” McMahon said.

As technology firms find ways to make emails safer for consumers, some security experts suggest treating every link skeptically. So if you can never click on a link in an email again, what options are left? Here are some suggestions from security experts:

Open links on an email app on Apple Inc.’s iPad or iPhone. These devices have fewer vulnerabilities so malware is unlikely to stick or get attached by clicking on a bad link. Android devices aren’t as foolproof, but smartphones certainly have fewer holes than personal computers.

A few tech companies are promoting a new technology known as Domain-based Message Authentication, Reporting &Conformance, or DMARC, that offers users a visual indication that an email is coming from the legitimate vendor. For example, real emails from EBay Inc. in Gmail include a key next to the “from” field. In Microsoft Corp.’s Outlook, a green key is the sign. Despite a push from firms such as email security provider Agari Data Inc., not every major company has joined this effort.

Other companies are taking different approaches. Wal-Mart Stores Inc., for one, is devising its own tool. Others are trying to block bad emails from reaching the inbox by harnessing the power of big data to see whether a message has the right context clues, anyone’s ever received a similar email or whether the sender’s ever been replied to. Technology from Proofpoint rewrites a URL, redirecting users to a cloud-based environment in which the email is opened behind the scenes. If malware is found, the user is blocked from visiting the website.

In essence, Proofpoint Chief Executive Gary Steele said, “we click for you in a sandbox in the sky.”

This last approach does raise some privacy concerns, but Steele says all information sent online is encrypted and stored under lock and key. Only the customer has the key, so a judicial body must go to the customer directly to get that key.

With the warnings about these sophisticated and consequential attacks starting to grow, it’s possible employees could start facing repercussions for not being cautious with links.

Peter Toren, a former Justice Department computer crimes prosecutor, said he hasn’t heard of any companies firing someone for introducing malware into a corporate system by clicking a link. But he said a company might eventually have to make an example of someone.

“They certainly wouldn’t sue an employee, because they don’t have deep pockets to pay a claim,” Toren said. “But it certainly could be grounds for termination. You failed to listen to us. You failed to follow training.”

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Business

A closing sign hangs above the entrance of the Big Lots at Evergreen and Madison on Monday, July 22, 2024, in Everett, Washington. (Ryan Berry / The Herald)
Big Lots announces it will shutter Everett and Lynnwood stores

The Marysville store will remain open for now. The retailer reported declining sales in the first quarter of the year.

George Montemor poses for a photo in front of his office in Lynnwood, Washington on Tuesday, July 30, 2024.  (Annie Barker / The Herald)
Despite high mortgage rates, Snohomish County home market still competitive

Snohomish County homes priced from $550K to $850K are pulling in multiple offers and selling quickly.

Henry M. Jackson High School’s robotic team, Jack in the Bot, shake hands at the 2024 Indiana Robotics Invitational.(Henry M. Jackson High School)
Mill Creek robotics team — Jack in the Bot — wins big

Henry M. Jackson High School students took first place at the Indiana Robotic Invitational for the second year in a row.

The computer science and robotics and artificial intelligence department faculty includes (left to right) faculty department head Allison Obourn; Dean Carey Schroyer; Ishaani Priyadarshini; ROBAI department head Sirine Maalej and Charlene Lugli. PHOTO: Arutyun Sargsyan / Edmonds College.
Edmonds College to offer 2 new four-year degree programs

The college is accepting applications for bachelor programs in computer science as well as robotics and artificial intelligence.

Everett Mayor Cassie Franklin, Advanced Manufacturing Skills Center executive director Larry Cluphf, Boeing Director of manufacturing and safety Cameron Myers, Edmonds College President Amit Singh, U.S. Rep. Rick Larsen, and Snohomish County Executive Dave Somers participate in a ribbon-cutting ceremony on Tuesday, July 2 celebrating the opening of a new fuselage training lab at Paine Field. Credit: Arutyun Sargsyan / Edmonds College
‘Magic happens’: Paine Field aerospace center dedicates new hands-on lab

Last month, Edmonds College officials cut the ribbon on a new training lab — a section of a 12-ton Boeing 767 tanker.

Gov. Jay Inslee presents CEO Fredrik Hellstrom with the Swedish flag during a grand opening ceremony for Sweden-based Echandia on Tuesday, July 30, 2024, in Marysville, Washington. (Ryan Berry / The Herald)
Swedish battery maker opens first U.S. facility in Marysville

Echandia’s marine battery systems power everything from tug boats to passenger and car ferries.

Helion Energy CEO and co-founder David Kirtley talks to Governor Jay Inslee about Trenta, Helion’s 6th fusion prototype, during a tour of their facility on Tuesday, July 9, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
State grants Everett-based Helion a fusion energy license

The permit allows Helion to use radioactive materials to operate the company’s fusion generator.

People walk past the new J.sweets storefront in Alderwood Mall on Thursday, July 25, 2024, in Lynnwood, Washington. (Olivia Vanni / The Herald)
New Japanese-style sweets shop to open in Lynnwood

J. Sweets, offering traditional Japanese and western style treats opens, could open by early August at the Alderwood mall.

Diane Symms, right, has been the owner and CEO of Lombardi's Italian Restaurants for more than three decades. Now in her 70s, she's slowly turning the reins over to her daughter, Kerri Lonergan-Dreke.Shot on Friday, Feb. 21, 2020 in Everett, Wash. (Andy Bronson / The Herald)
Lombardi’s Italian Restaurant in Mill Creek to close

Lombardi’s Restaurant Group sold the Mill Creek property currently occupied by the restaurant. The Everett and Bellingham locations remain open.

The Safeway store at 4128 Rucker Ave., on Wednesday, Nov. 29, 2023, in Everett, Washington. (Mike Henneke / The Herald)
Kroger and Albertsons plan to sell these 19 Snohomish County grocers

On Tuesday, the grocery chains released a list of stores included in a deal to avoid anti-competition concerns amid a planned merger.

Helion Energy CEO and co-founder David Kirtley talks to Governor Jay Inslee about Trenta, Helion's 6th fusion prototype, during a tour of their facility on Tuesday, July 9, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Inslee energized from visit to Everett fusion firms

Helion Energy and Zap Energy offered state officials a tour of their plants. Both are on a quest to generate carbon-free electricity from fusion.

Awards honor employers who promote workers with disabilities

Nominations are due July 31 for the awards from the Governor’s Committee on Disability Issues and Employment.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.