Email Security Alert Issued as Fake Firefox Update Scam is Discovered

Firefox is a popular web browser created by a global not-for-profit organization. It boasts excellent controls against viruses and has proved popular for its security features, anti-tracking functionality, and its speed. However, as with all web browsers, it requires frequent updates to remain 100% virus-free.

Updates must be installed promptly to keep the browser secure. Users are alerted to these new updates as and when they are released, and installing them is a quick and simple process.

These updates are announced via the browser. Users of Firefox are not emailed reminders to update their browser to the latest version. That said, a number of emails have recently been received by users of Firefox alerting them to the urgent need to download the latest version of the browser. These emails are part of a fake Firefox update scam.

Fake Firefox Update Scam Discovered

If you receive an email telling you to update your Firefox version “for security reasons” you will not be alone. Many other users have received similar emails. These are not genuine. They are part of a new email spam campaign that attempts to fool recipients into believing that their browser is out of date and an update is essential.

To make it as easy as possible to install the necessary security protections, a handy link is included in the email. The email says this link will take the user to the Firefox website, where they can download the latest version of the web browser. However, be warned. The link is fake, and by clicking the link and attempting to improve security, all you will be doing is downloading a Trojan to your device. That Trojan will be used to steal your passwords.

This is a common tactic used by email spammers. Emails are sent which contain important information on security updates to fool the unwary into downloading malicious software. The emails play on data security fears and warn of repercussions for not taking the requested action. Many email recipients are fooled into clicking links or opening infected attachments as a result.

SpamTitan regularly issues warnings about the latest spam campaigns, fake emails and new malware as they are discovered. Internet users are instructed to take precautions to protect themselves against these attacks.

Fortunately, there are some very easy steps that can be taken to reduce the risk of attack via email. Receiving a spam or phishing email will not compromise your system (generally speaking) unless an action is taken, such as opening an email attachment or clicking on a link supplied in the email. Consequently, protecting yourself from attack can be quite straightforward.

SpamTitan Financial Preservation Tips

Don’t give hackers the data they need to empty your bank accounts and max out your credit cards. Follow the simple instructions below and you can protect your hard earned cash.

  1. Do not open any suspicious attachments sent to you by email and do not download them to your computer. You must be sure of the genuineness of an attachment before you open it
  2. Do not click on links to websites that you do not know
  3. Check all links before clicking as they may have been faked. Hover your mouse arrow over the link and you will find out where that link will direct you. If you are unsure, never click
  4. Check the ‘From’ field. The name may be familiar, but the email address from which the email has been sent may not be. Do not take any chances. The ‘From’ field can easily be faked
  5. If you have not requested a new password, never click on a link that asks you to reset it
  6. Never divulge sensitive information in an email, even if requested to do so. IT departments and legitimate web service providers will never ask for your login details and passwords to be sent by email
  7. Always keep your anti-virus and anti-malware definitions up to date. They are released on a daily basis and sometimes every few hours. Set your software to download these automatically
  8. Install a spam filter to prevent spam and phishing emails from being delivered to your inbox

Beware of Whaling: Highly Targeted Phishing Campaigns

You will probably be aware of the term phishing: a method used by criminals and hackers to obtain sensitive information from individuals, usually with a view to using that information to gain access to bank accounts, computer networks, or commit identity theft.

Phishing is a growing phenomenon. Online criminals use social engineering techniques to get users to reveal sensitive data. They also convince end users to install malware that can be used to log keystrokes or even allow hackers to take full control of a device.

Phishing is highly effective and allows criminals to make billions of dollars every year. However, the way campaigns are conducted limits the earning potential of criminals. Campaigns are often sent via spam email and that is a numbers game.

Spam emails get caught up in email filters, are marked as junk, or are quarantined. Emails must therefore be sent out in the millions in order for a criminal to get just a few responses. Oftentimes, online criminals do not actually have enough real email addresses and have to resort to guessing, hoping that catch-all accounts exist and some will be delivered.

Whaling – A new phishing technique that is proving to be highly effective

Rather than sending emails by the million, criminals have worked out that it is possible to get the same number of responses by sending just a handful of emails. In order to successfully obtain the bank account login credentials of one individual, it may be necessary to send out a million emails using standard phishing techniques. It is also possible to do it with one: The email just needs to be very convincing.

The term whaling has been coined to describe this new tactic. Rather than using a very big net to catch a few small fry, a spear gun can be used to target a very big target. Whalers pursue one target and the payoff can be considerable. A whale is more valuable than a handful of sprats.

Whaling is not random and the technique requires skill and effort. A target must be identified and researched. A campaign must then be devised that will convince that individual, or a small group of individuals, to respond. Emails must be crafted that are realistic. Since the targets are usually senior executives in a company, they are likely to be extremely cautious about revealing information, opening files, or visiting websites.

Whaling therefore requires detailed information to be gained about the target. The more information that can be gained about the target’s likes and dislikes, their role within the company, contact information and family life, the easier it is to craft an email that they will respond to. This takes a lot of time and effort but the prize is worth it. Senior executives have access to highly valuable data.

Due to the effectiveness of whaling campaigns, many criminals are switching to this mode of attack. Many of those attacks are conducted not on email, but via social media channels.

Has improved security protections forced phishers to move from email to social media networks?

Opinion is divided within the IT security industry about the move from spam email to social media networks as the preferred vector for delivering phishing campaigns. Almost a third of respondents in a recent SpamTitan survey did not believe that improved anti-spam technologies have triggered the move to social media networks.

The survey also showed that 37% of respondents believe that phishing is a growing phenomenon, and that additional protections are required to keep networks secure.

Many believe that the switch to social media networks is simply due to the number of individuals that have signed up for accounts, and phishing is therefore a natural response to the rise in popularity of online communities that encourage the sharing of personal information.

If personal information is uploaded by individuals onto social media networks, it is possible to build an accurate picture of an individual very easily indeed. Ask Facebook. The company doesn’t need to charge users as the information it gathers is incredibly valuable to advertisers. They can create highly targeted advertising campaigns with the data. Unfortunately, phishers can use that information too.

Corporations as well as individuals must therefore take great care when using social media sites. It is all too easy to reveal sensitive information and become a victim of a phishing or whaling attack. Fortunately, SpamTitan Technologies can offer protection from phishers, whalers, and other online scammers. Email phishing campaigns can be blocked, while the company’s web filtering solutions can prevent phishing websites from being visited.