Phishers appear to be using techniques learned from the targeted advertising industry. Security professionals have long wondered why phishing emails are, in general, so poorly crafted, and why they don't use a handful of basic techniques which would undoubtedly improve their hit rate, and lead to increased revenue generation from phishing. In the "Today @ PC World blog, Erik Larkin discusses an email which alarms the PC World analysts (see: Threat Alert: Sophisticated E-mail Attacks Spread [PC World]). The email arrived with a well crafted text body which passed the usual "first glance" tests for spam or phishing: bad spelling, bad grammar, incorrect addressee name, mis-matched sender. It appeared to be a boring business email with a word document attached. Security researchers have known for many years that phishers typically don't employ a handful of techniques which would pretty clearly boost their success rates, techniques which are not entirely unknown in the related adware "industry". Today the following ideas might seem obvious, but it has only been recently that phishers show signs of interest in these techniques.
- Copy editing text and documents Spam and phishing emails often contain many awkward phrases and other flaws which alert the intended victim that "something is amiss". Security researchers have long suspect that the simple step of using a word processor to perform spell checking and grammar checking the text of a phishing email would significantly increase the "hit rate" because many recipients cite poor grammar and spelling as the primary tip-off.
- Matching the correct name to an email address for the recipient Your email might be: "firstname.lastname@example.org" but phishers and spammers will address their email to: "Sarah <email@example.com>" rather than to the obvious: "John Q. Public <firstname.lastname@example.org>"
- Internal consistency within the email of the spoofed sender Spam and phishing often don't appear to be "From:" the same person who signed the bottom of the email.
- Using modern software development tools and techniques to target their population of intended victims Phishers often spam many millions of people with the same email. This allows anti-spam software both sufficient time and sufficient odds to capture, analyze, and block many, even the vast majority of those emails. If instead, phishers sent Wells Fargo phishing emails only to known Wells Fargo customers, then the time it takes to capture the emails goes up, and the number of potentially profitable victims (those with Wells Fargo accounts to be drained) who are reached in the critical first few days goes up, perhaps by a lot. Phishers and spammers have access to a great deal of data. They could use that data with the help of some custom software such as a web crawler, a few plugins to their existing bot, virus, and worm code, and a database, to dramatically improve their ability to target their phishing emails.
The first thing I did upon receiving this was wonder if there was an organization silly enough to send out such an email. I thought it unlikely, but certainly not impossible. I Googled "American Deaf Network", and found only one reference to it, declaring it to be a scam, as suspected. These two examples, from PC World and above, are undoubtedly the tip of what will be an iceberg of more sophisticated and polished phishing email scams. This is a new cycle in the phishing arms race. Additional details on the "proforma-invoice.doc email can be found here: Avinti Security Briefing: Proforma Invoice [Avinti.com].
Attn: American Deaf Network has several projects planned and in the process, we [in process. We] also work along side National Organizations to build safer communities for those affected in these rural areas. American Deaf Network receives donations on a daily basses from all over the world. We are seeking your assistance to work for the foundation and get paid. We do not require your full time or effort All you will need to do is to receive donations on behalf of the foundation. Donation comes in Checks and Money Orders. You will be paid a montly salary of $1,105.00. Please get back at us [get back to us] indicating your interest on making the world a better place for the deafs [the deaf]. Send us the following information to immidiately process your application. First Name. Last Name. Address. Contact Phone Make sure you send the requested information to the below email. email@example.com Have a nice day. American Deaf Network 30045 Alicia Parkway #150 Laguna Niguel, CA 92677 USA]