Unfortunately, this spoofing has nothing to do with commedia dell’arte; in Italy, attackers are sending spam messages forged to appear to come from lawyers and directing recipients to download malware. There’s no reason to think it couldn’t happen here or elsewhere.
An email arrives in an inbox from a lawyer, telling the recipient that his system is infected and that he should download a clean-up tool via a link in the message. A cursory lookup proves the attorney does exist. What happens now?
Download the software and the system picks up a nasty Trojan file, ready to grab information from the system and send it off to the criminals behind the scenes.
Call the lawyer, and find out she had nothing to do with the email in question.
McAfee’s Allysa Myers described the problem at the Avert Blog, and called it a demonstration of social engineering against “the little guy”:
Miscreants have also taken to heart the figures regarding the lack of security awareness in smaller businesses. Small companies may feel that they’re too insignificant to be targeted, but their machines may actually be just as valuable as someone in a Fortune 500 company.
Small businesses’ bandwidth is often better than a home user’s, their employees’ names and contact info can be used in schemes like this, and they might be more apt to be hurt by Denial of Service attacks or extortion attempts, while they’re less apt to have trained or dedicated security staff.
Criminals online are no different than criminals offline – they try to target weak victims who are not aware of their surroundings in the hope of scoring some valuables with minimal work. Offline protection options are a little different than online ones too.
It’s important for the small businessperson to understand the value they possess in the form of customer information. A name, date of birth, and Social Security number are all a criminal needs to commit identity theft and fraud.
Be skeptical of emails that request action like the ones described, or worse, those that abuse a generous holiday spirit by representing a fake charity and soliciting a donation.
(Normally this story would appear in SecurityProNews but the topic matter is important enough that we want to make sure our business-oriented readers catch it.)
David Utter is a staff writer for murdok covering technology and business.