Phishing attacks upload malware

  • Los Angeles Times
  • Friday, July 26, 2013 3:27pm
  • Business

At least 2 million people received the email May 16 notifying them that an order they had just made on “Wallmart’s” website was being processed, though none of them had done any such thing.

Still, thousands of people clicked on the link in the email, taking many of them to a harmless Google search results page for “Walmart.” Others weren’t so fortunate. The link led to the invisible download of malware that covertly infected their personal computers, turning them into remotely controlled robots for hackers, according to email security firm Proofpoint Inc.

These sorts of “phishing” attacks are not only becoming more common but also are getting more lethal, with fake emails becoming harder to distinguish from real ones.

In the fake-Wal-Mart attack, people missed clear warning signs — such as the company name being misspelled and the sender’s address being very long and strange. But in another case a month later, an email claiming to be from American Airlines carried no visible hints that it was illegitimate.

The sophisticated attacks are targeting the likes of attorneys, oil executives and managers at military contractors. The phishers are increasingly trying to get proprietary documents and pass codes to access company and government databases.

Nearly every incident of online espionage in 2012 involved some sort of a phishing attack, according to a survey compiled by Verizon Communications Inc., the nation’s largest wireless carrier.

Several recent breaches at financial institutions, media outlets and in the video game industry have started with someone’s log-in information being entered on a false website that was linked to in an email.

When an Associated Press staff member received an email in April that appeared to be from a colleague, the individual didn’t hesitate to click on the link. But that link led to the installation of a “keylogger” that enabled a hacker to monitor keystrokes and see the password for the Associated Press’ Twitter account.

The hacker posted a tweet from the account saying that someone had bombed the White House. As investors reacted to the tweet, the S&P 500 index’s value fell $136 billion. The parody news site the Onion fell prey to a similar, though less costly, attack.

Chandra McMahon, the chief information security officer for military technology giant Lockheed Martin Corp., said phishing attacks aimed at its employees try to replicate emails and websites of industry organizations that its employees visit on a regular basis.

“They are compromised by adversaries because they are the perfect spot to put malware because a lot of the employees from the industry will go there,” McMahon said.

As technology firms find ways to make emails safer for consumers, some security experts suggest treating every link skeptically. So if you can never click on a link in an email again, what options are left? Here are some suggestions from security experts:

Open links on an email app on Apple Inc.’s iPad or iPhone. These devices have fewer vulnerabilities so malware is unlikely to stick or get attached by clicking on a bad link. Android devices aren’t as foolproof, but smartphones certainly have fewer holes than personal computers.

A few tech companies are promoting a new technology known as Domain-based Message Authentication, Reporting &Conformance, or DMARC, that offers users a visual indication that an email is coming from the legitimate vendor. For example, real emails from EBay Inc. in Gmail include a key next to the “from” field. In Microsoft Corp.’s Outlook, a green key is the sign. Despite a push from firms such as email security provider Agari Data Inc., not every major company has joined this effort.

Other companies are taking different approaches. Wal-Mart Stores Inc., for one, is devising its own tool. Others are trying to block bad emails from reaching the inbox by harnessing the power of big data to see whether a message has the right context clues, anyone’s ever received a similar email or whether the sender’s ever been replied to. Technology from Proofpoint rewrites a URL, redirecting users to a cloud-based environment in which the email is opened behind the scenes. If malware is found, the user is blocked from visiting the website.

In essence, Proofpoint Chief Executive Gary Steele said, “we click for you in a sandbox in the sky.”

This last approach does raise some privacy concerns, but Steele says all information sent online is encrypted and stored under lock and key. Only the customer has the key, so a judicial body must go to the customer directly to get that key.

With the warnings about these sophisticated and consequential attacks starting to grow, it’s possible employees could start facing repercussions for not being cautious with links.

Peter Toren, a former Justice Department computer crimes prosecutor, said he hasn’t heard of any companies firing someone for introducing malware into a corporate system by clicking a link. But he said a company might eventually have to make an example of someone.

“They certainly wouldn’t sue an employee, because they don’t have deep pockets to pay a claim,” Toren said. “But it certainly could be grounds for termination. You failed to listen to us. You failed to follow training.”

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Business

Black Press Media operates Sound Publishing, the largest community news organization in Washington State with dailies and community news outlets in Alaska.
Black Press Media concludes transition of ownership

Black Press Media, which operates Sound Publishing, completed its sale Monday (March 25), following the formerly announced corporate restructuring.

Maygen Hetherington, executive director of the Historic Downtown Snohomish Association, laughs during an interview in her office on Thursday, Feb. 15, 2024, in Snohomish, Washington. (Ryan Berry / The Herald)
Maygen Hetherington: tireless advocate for the city of Snohomish

Historic Downtown Snohomish Association receives the Opportunity Lives Here award from Economic Alliance.

FILE - Washington Secretary of State Steve Hobbs poses in front of photos of the 15 people who previously held the office on Nov. 22, 2021, after he was sworn in at the Capitol in Olympia, Wash. Hobbs faces several challengers as he runs for election to the office he was appointed to last fall. (AP Photo/Ted S. Warren, File)
Secretary of State Steve Hobbs: ‘I wanted to serve my country’

Hobbs, a former Lake Stevens senator, is the recipient of the Henry M. Jackson Award from Economic Alliance Snohomish County.

Mark Duffy poses for a photo in his office at the Mountain Pacific Bank headquarters on Wednesday, Feb. 14, 2024 in Everett, Washington. (Annie Barker / The Herald)
Mark Duffy: Building a hometown bank; giving kids an opportunity

Mountain Pacific Bank’s founder is the recipient of the Fluke Award from Economic Alliance Snohomish County.

Barb Tolbert poses for a photo at Silver Scoop Ice Cream on Thursday, Feb. 29, 2024 in Arlington, Washington. (Annie Barker / The Herald)
Barb Tolbert: Former mayor piloted Arlington out of economic brink

Tolbert won the Elson S. Floyd Award, honoring a leader who has “created lasting opportunities” for the underserved.

Photo provided by 
Economic Alliance
Economic Alliance presented one of the Washington Rising Stem Awards to Katie Larios, a senior at Mountlake Terrace High School.
Mountlake Terrace High School senior wins state STEM award

Katie Larios was honored at an Economic Alliance gathering: “A champion for other young women of color in STEM.”

The Westwood Rainier is one of the seven ships in the Westwood line. The ships serve ports in the Pacific Northwest and Northeast Asia. (Photo provided by Swire Shipping)
Westwood Shipping Lines, an Everett mainstay, has new name

The four green-hulled Westwood vessels will keep their names, but the ships will display the Swire Shipping flag.

A Keyport ship docked at Lake Union in Seattle in June 2018. The ship spends most of the year in Alaska harvesting Golden King crab in the Bering Sea. During the summer it ties up for maintenance and repairs at Lake Union. (Keyport LLC)
In crabbers’ turbulent moment, Edmonds seafood processor ‘saved our season’

When a processing plant in Alaska closed, Edmonds-based business Keyport stepped up to solve a “no-win situation.”

Angela Harris, Executive Director of the Port of Edmonds, stands at the port’s marina on Wednesday, Jan. 24, 2024, in Edmonds, Washington. (Ryan Berry / The Herald)
Leadership, love for the Port of Edmonds got exec the job

Shoring up an aging seawall is the first order of business for Angela Harris, the first woman to lead the Edmonds port.

The Cascade Warbirds fly over Naval Station Everett. (Sue Misao / The Herald file)
Bothell High School senior awarded $2,500 to keep on flying

Cascade Warbirds scholarship helps students 16-21 continue flight training and earn a private pilot’s certificate.

Rachel Gardner, the owner of Musicology Co., a new music boutique record store on Thursday, Jan. 18, 2024 in Edmonds, Washington. Musicology Co. will open in February, selling used and new vinyl, CDs and other music-related merchandise. (Olivia Vanni / The Herald)
New Edmonds record shop intends to be a ‘destination for every musician’

Rachel Gardner opened Musicology Co. this month, filling a record store gap in Edmonds.

MyMyToyStore.com owner Tom Harrison at his brick and mortar storefront on Tuesday, Sept. 6, 2022 in Everett, Washington. (Olivia Vanni / The Herald)
Burst pipe permanently closes downtown Everett toy store

After a pipe flooded the store, MyMyToystore in downtown Everett closed. Owner Tom Harrison is already on to his next venture.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.