Enterprises face a growing risk to their data security as criminal gangs increasingly turn to electronic confidence scams to garner prized business information, according to analysts at research firm Gartner.
Social engineering techniques that lure users into clicking or downloading malware are becoming increasingly sophisticated and will be a greater security problem than hacking, Gartner analysts warned at the firm's European IT Symposium.
“Criminals are using social engineering to take the identity of someone either for profit, or to gather further information on an enterprise. This is not only a violation of the business, but of someone’s personal privacy,” said Rich Mogull, research director for information security and risk at Gartner.
Security vendor Sophos this week issued a warning against one such email confidence trick. Emails, claiming to be from Credit Suisse bank, offer an online training course to recipients who sign up. It is believed that these emails come from a Russian group of spammers and are designed to solicit bank account details from unsuspecting victims.
“This campaign involves luring people who may wish to generate an income from home into signing up for a fake training course that may teach them a very expensive lesson,” said Graham Cluley, senior technology consultant for Sophos.
Meanwhile, email security provider MessageLabs also issued its own warning about a threat to Internet portal Yahoo, in which account holders are invited to confirm their ID numbers. This information is used to create a new account from which large volumes of spam can be sent.
“This scam is another demonstration of how spammers and fraudsters attempt to manipulate computer users into doing their dirty work for them,” said Alex Shipp, Senior Anti-Virus Technologist at MessageLabs. Shipp explained that one of the advantages of this technique for a spammer is that it makes it “harder to trace the spammers themselves.”