Financial sector targeted in e-mail Trojan attacks
【Notice of the federal Department of Justice】 Frauds of this kind usually use the phone or letters to steal people's identities and bank accounts. While consumers are the most obvious victims, the threat spreads far wider. Scammers now focus more on company founders and finance managers. They send an email whose header contains the recipient's full name to lure these executives into opening it. Because the email title usually pretends to carry the name of a government agency or the federal Department of Justice, it easily wins trust. The email does not ask for a remittance or for personal information; its purpose is to compromise the recipient's PC. When the recipient opens the attached files, Trojans are implanted to steal commercial or financial information for greater profit. Information such as merger news, business secrets and financial statements is the scammers' target.
Cellopoint Lab says that staff did not have sufficient knowledge of fraud to identify the indicators that fraud may have been committed. Hackers can easily pass through hardware and software security firewalls and trick users out of personal account passwords and financial information. They can steal or modify important information, which damages reputation, and the problem becomes as serious as other forms of hacking attacks.
General mail counterfeiting practices include:
1. Header fraud: the mail subject is disguised as an official document title, such as "2007 employees' welfare purchase program", "XX general manager's open letter to employees", or "Information Center bulletin."
2. Bogus sender: the sender pretends to be a colleague, competitor, vendor, customer, or government institution.
3. Content falsification: hackers intercept legitimate mail, doctor its content, then send it on to the recipient.
4. Fake URL links: lure users to click on a fake website.
5. Embedded e-mail form: the message contains a form whose user input is sent back to the hackers.
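A mail-filter style check for three of the practices listed above (bogus sender, fake URL links, embedded form), given as an added example that is not from the original article or from Cellopoint. The sample message, the function names and every domain are constructed for illustration, and comparing the Reply-To domain with the From domain is only one assumed heuristic for a bogus sender.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message (not a real capture); every name and domain is made up.
SAMPLE = """\
From: "Department of Justice" <notice@mail-notices.example>
Reply-To: clerk@other-host.example
Content-Type: text/html; charset="utf-8"

<p>See <a href="http://files.other-host.example/case">http://www.justice.example/case</a></p>
<form action="http://files.other-host.example/submit"><input name="password"></form>
"""

class Scan(HTMLParser):  # collects (href, visible text) per link and each form action
    def __init__(self):
        super().__init__()
        self.links, self.forms, self.href, self.text = [], [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
        elif tag == "form":
            self.forms.append(dict(attrs).get("action") or "")
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # lower-cased hostname of a URL string, "" when there is none
    try:
        return (urlparse(value).hostname or "").lower()
    except ValueError:  # malformed URL such as an unclosed IPv6 bracket
        return ""
def domain(header):  # domain part of the address in a From/Reply-To header
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def indicators(raw):
    msg = message_from_string(raw, policy=policy.default)
    spoof = domain(msg["Reply-To"]) not in ("", domain(msg["From"]))
    found = ["bogus-sender: Reply-To domain differs from From domain"] if spoof else []
    body = msg.get_body(preferencelist=("html",))
    scan = Scan()
    scan.feed(body.get_content() if body else "")
    found += [f"fake-url: text shows {host(t)}, link goes to {host(h)}"
              for h, t in scan.links if host(t) and host(t) != host(h)]
    found += [f"embedded-form: posts to {host(a) or 'unknown host'}" for a in scan.forms]
    return found
```

Header fraud and content falsification are not covered: a subject line cannot be judged mechanically, and altered content is only detectable when the message carries a signature to verify.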
Cellopoint Lab explains that the fundamental solution is to add identity verification to email, so that a message can be identified as coming from a truly genuine sender or sending unit, with its content unaltered. Certificates can be applied as email digital signatures. Sending email with digital signatures provides integrity, authentication and non-repudiation. Like a confirmation of the sender's identity or a security label, it prevents mail counterfeiting effectively.
