« The Twelve Days of Phishmas 2010 | Main | Fake AV and Rogue Security Software: The Scareware Class of 2010 »

Tuesday, 14 December 2010

Phishers use subliminal messaging to make you open that email

The cleverest of phishers are good social engineers. Often, they borrow a page from broadcast media and publishers, who are very good social engineers. Phishers recognize that controversial or scintillating headlines convince a passerby to purchase a newspaper from a newstand, a couch potato to pause mid channel-surf, or  an Internet user to visit a web page . They use these same strategems when composing email message subject lines.

Whether in our home, office, automobile, airport lounge or elevator, we hear, read, watch or are passively exposed to some controversial or scintillating media broadcast every day. Even when we pay only part attention to this input, we often retain some element of the message. Phishers exploit this human behavior. Consider some  of subject lines from my cache of recent phish emails, below.

The first batch prey on concerns over health and healthcare:

Subject: Learn all about Medicare/Medigap coverage
Subject: FDA Alert. Do you use Paxil
Subject: Avandia Heart Attack Cases are Now Settling
Subject: Ease the worry with health insurance
Subject: Health warning for all Accutane users
Subject: Student health insurance. Find affordable plans
Subject: Do you suffer from Diabetes?
Subject: Big settlements for Avandia users
Subject: Get contact lenses online

Photo: George Eastman House

 Worry

I've omitted another dozen subject lines that promote weight loss, virility, beauty/Botox, and Acai Berry for better health. I can recall a mainstream media commercial, print ad, or news piece covering each of these issues or fads, can you? Many of these subject lines target seniors or individuals whose healthcare needs may be worrisome enough to convince them they should read on. 

A second batch targets individuals who have economic worries:

Depression 
Photo: onohoku

Subject: The bailout is working for homeowners in need
Subject: Our Loan services are low interest rate (2%) 
Subject: Quickly and easily qualify for an unsecured loan
Subject: A unique way out of debt
Subject: 2010 Credit Report - Credit Score Included
Subject: Compare term life carrier rates from top providers
Subject: Veteran Loans
Subject: CBS interview helps you get out of debt
Subject: Switch To A 15 Year Fixed Rate At 3.75%
Subject: Earn Cash in the New Year

Everyone who is reading this blog has some inkling of the world economic situation. No one of us is entirely unaffected and many of us have friends and family who are struggling financially. Phishers are betting that our good will trumps our common sense and that we'll click to learn more or pass the message along to someone who might.

Phishers love holiday seasons and celebrate by exploiting our giving spirit:

Subject: Letter From Santa For Your Child
Subject: More Values, Your Values - This Holiday Season
Subject: Christmas Greeting Cards! No registration! No fees!
Subject: 12 days, 12 great small biz gifts!
Subject: A better way to travel
Subject: Custom Santa Letters
Subject: Your WalMart Holiday Card
Subject: One-Day Deal: 50% Off Sweaters! Plus, Holiday Sale up to 50% Off

Christmas_postman
Photo: George Eastman House

If you shop online, you are probably receiving bulk solicited or direct mail from merchants. Phishers copy email sent by legitimate merchants and brands. They know money is tight and that in weak economies, bargain shopping is even more appealing so they try to convince you the deal is legit and too good to pass by.  

This is a small sample of what you should expect, and all of these were delivered in the past five days. Here are some suggestions to help you avoid falling prey to the subliminal messaging phishers employ in subject lines:

  1. Be suspicious of any unsolicited healthcare and health plan information delivered to your mailbox. Check the sending email address carefully. If you are a US resident, it's very unlikely that a legitimate health care professional is sending you mail from a foreign country email server such as broopill.cz.cc or mail.goo.ne.jp
  2. Avoid loan, credit card, insurance or other finance offer delivered to your mailbox, especially when rates quoted are sub-prime or terms are generous. 
  3. Ignore bargains or offers from merchants you have not used or granted permission to send you email. In the best case, these merchants are sending unsolicited bulk email; in the worst case, the mail is from phishers, not merchants. Again, check the sending mail address carefully. Read the entire email address. Phishers may embed the name of a merchant or brand in an email to convince you the message is legitimate.

These good practices are complements to, not substitutes for, the every day measures you should take to avoid being phished. You'll find some common sense guidelines at Stop Think Connect and other antiphishing measures here.

Posted at 11:54 AM in Anti-Malware and Anti-phishing |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Warmest Greetings, Although I thoroughly enjoyed your post immensely, there are issues I must voice. I have a ton of hard core information that says under no circumstances , do subliminals work. So you have nothing to worry about. But anyhow, you have an interesting viewpoint and I thank you for letting me share this with you.

Posted by: Moritz Lightman | Friday, 24 December 2010 at 06:06 AM

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)

Find me on Mastodon and Facebook

Spotlight Posts

  • FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec
    M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the...
  • Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period
    A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing.
  • Cybercrime Information Center's YouTube Channel
    My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.
  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.
  • New TLDs are coming #Dangerclose.
    A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory...

Search

My Photo

Categories