137th Day Of Lockdown

Maharashtra49026232728117092 Tamil Nadu2850242275754690 Andhra Pradesh2069601204641842 Karnataka164924842322998 Delhi1427231282324082 Uttar Pradesh113378668341981 West Bengal89666630601954 Bihar7179446294400 Gujarat68855517922604 Assam5549737225132 Rajasthan4941835186763 Odisha4255028698292 Haryana4005433444467 Madhya Pradesh3729827621962 Kerala3170019147103 Jammu and Kashmir2392716218449 Punjab2193014040539 Jharkhand165427503154 Chhatisgarh11408831987 Uttarakhand89015731112 Goa7947559570 Telangana751354330615 Tripura6014408437 Puducherry5123291475 Manipur3466192610 Himachal Pradesh3206200813 Nagaland26578247 Arunachal Pradesh204913263 Chandigarh137482023 Meghalaya10234236 Sikkim8544061 Mizoram5672890
Technology Other News 14 Aug 2019 Warning! Don’t ...

Warning! Don’t fall for registration, feedback forms on emails from big companies

DECCAN CHRONICLE
Published Aug 14, 2019, 1:38 pm IST
Updated Aug 14, 2019, 1:38 pm IST
All three mechanisms require the customers’ name and email address, so they can receive a confirmation email or feedback.
Malicious users are constantly looking for new methods to deliver their spam and phishing messages to recipients, while bypassing existing content filters. (Photo: Pixabay)
 Malicious users are constantly looking for new methods to deliver their spam and phishing messages to recipients, while bypassing existing content filters. (Photo: Pixabay)

Kaspersky researchers have identified a growth in the usage of cunning spam and phishing delivery technique. Malicious internet users are increasingly exploiting registration, subscription, and feedback forms on websites to insert spam content or phishing links into confirmation emails from respected and trustworthy companies on a global scale.

Malicious users are constantly looking for new methods to deliver their spam and phishing messages to recipients while bypassing existing content filters. Ideally, they try to make letters come from a legitimate source with a good reputation so that users cannot ignore the unwanted email. This also creates a challenge for companies as this unwanted spam or even malicious content, seemingly sent on their behalf, could compromise their customers’ trust or even lead to personal data leaks.

 

The method is quite simple and effective. Today, almost every company is interested in receiving feedback from their clients to improve the quality of service, customer retention, and reputation. To do this, companies ask customers to register a personal account, subscribe to newsletters or communicate with feedback forms on the website, for example, to ask questions or leave suggestions. These are exactly the mechanisms that attackers are exploiting.

All three mechanisms require the customers’ name and email address, so they can receive a confirmation email or feedback. According to Kaspersky researchers, scammers are adding spam content and phishing links into this mail. They simply add the victim’s email address into the registration or subscription form and type their message instead of the name. The website will then send a modified confirmation letter to that address, containing an advertisement or phishing link at the beginning of the text instead of the recipient’s name.

 

To keep companies from possible reputational losses, we advise:

  • To check how the feedback forms work on your website
  • To embed several verification rules that would cause an error when trying to register a name within appropriate symbols
  • To conduct a vulnerability assessment of the website, if possible.

Click on Deccan Chronicle Technology and Science for the latest news and reviews. Follow us on Facebook, Twitter

...




ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT