Spam scams targeting smaller firms

Think you're too small to be singled out? You could be just who the spammers are looking for...

Most email users are familiar with large-scale spam broadcasts containing generic offers such as medications or financial services, or notorious scams sent out to random millions of recipients. But one security expert has warned that smaller companies are increasingly being singled out with highly targeted email scams.

Enrique Salem, senior VP security products at Symantec, highlighted a couple of cases where small companies have been targeted with scams tailored just to them.

For example, during a merger with a larger firm, one small company began receiving emails addressed to its employees, apparently coming from the new parent company.

The emails invited employees to register for their HR benefits with their new employer.

With no reason to suspect it could be anything other than a genuine email from their new employers, many staff submitted their personal details including name, date of birth and social security numbers.

"By the time the company realised what was going on it was too late, many of the employees had submitted their details," said Salem, who warned that such finely tailored scams look set to increase.

Salem said traditional threats such as viruses and bulk mail "are interesting and companies definitely still need to be protected against them but they are yesterday's problem".

He added: "Phishing and this level of socially engineered threat is today's problem." But even since the early days of crude phishing attempts Salem said "the approach has absolutely changed".

The problem, he said, is that scammers who pick their moment and exploit very precise windows of vulnerability actually appear more legitimate, and can often steal as much information with one finely tailored email to hundreds as they might have got from a scatter-gun email to millions.

As such, Salem warned that companies need to be on the lookout more and more for scams which will be far harder to spot than the blunderbuss subtlety of generic 419 scams or product offers.

Earlier this week highlighted the case of another finely tailored email scam which saw an apparent endorsement for one tech company's products emailed specifically to, in an apparent attempt to gain coverage or a higher profile.