Traditional spam email attacks follow a mass-market, “one-size-fits-all” approach: by sending the same message to as many targets as possible, a small number of people will be tricked into sharing their passwords or downloading a malicious program.
But a new kind of attack, so-called “artisanal spam,” targets smaller groups with painstakingly crafted messages, with the aim of breaking through spam-filtering algorithms and achieving a higher rate of success.
Patrick Peterson, CEO of U.S. cyber-security firm Agari Data, says his company started noticing the attacks between six and nine months ago. Since then, he estimates, these kinds of attacks have numbered “in the low hundreds,” although he notes that it can be hard to track such relatively small attacks.
“It’s just a continuation of a long-term trend we’ve seen around criminal innovation,” Peterson told CBC News.
This new method of spamming, said Peterson, is more likely to slip through the spam filters built into most email clients, and more likely to get criminals what they want — account credentials like usernames and passwords, as well as potential targets for malware attacks.
French connection
The most notable incident so far, according to Peterson, took place on Oct. 13, 2015. It targeted about 5,000 French users of Apple’s popular iTunes music software, in a two-pronged attack designed to steal usernames and passwords, and possibly use those credentials to install malware on the victims’ computers.
The criminal or criminals behind the attack “carefully curated” a French-language email, said Peterson, and specifically targeted email accounts based in France. That ensured the recipients would be more likely to read the email. The attackers also targeted users of smaller, local French internet service providers, who Peterson said might not be targeted as frequently as users of major email services like Gmail or Hotmail.(Solomon Israel, CBC News)
Link: http://www.cbc.ca/news/business/phishing-artisanal-spam-1.3418651
20
