Phishing spam gets 'Big Box Retailer' holiday makeover
"We're rolling in to the holiday season, purchasing things online, and getting an email from a larger retailer wouldn't be out of the ordinary," said Rich Barger, chief intelligence officer and director of threat intelligence at Arlington, VA-based ThreatConnect, Inc.
Emails sent through the Asprox phishing platform, for example, typically have a subject like such as "Order Info" or "Order Status," he said, and look legitimate at first glance.
"Only after further inspection, a very educated user could spot some inconsistencies," he said. "Maybe whoever authored the email was not a native English speaker, or was not using the marketing terminology that a large retailer would use."
Users are asked to click on a link, and are taken to a malicious site, he said.
Asprox has been updated numerous times in the past, due to a modular framework that makes it easy to swap out components. Variants have also included attachments purporting to be voice mail messages, receipts, court orders, or travel itineraries.
Asprox has been around since 2007 but, despite its age, it still packs a punch. According to Palo Alto Networks, Asprox was responsible for 80 percent of all attack sessions in October.
"It's one of the more voluminous of the spam trojans," Barger said.
Luis Chapett, software engineer and data scientist at Silicon Valley-based Barracuda Networks, Inc., confirmed that the big box retailers are the big trend this holiday season.
In the past, the spammers would target just one or two retailers, he said. This year, they're casting a wider net.
"This year they are making sure they hit every one from those that sell shovels like Home Depot to everyone's favorite - electronics store BestBuy," he said. "I believe the reason behind this is that both the physical stores and the e-stores are offering unique sales attracting everyone to buy both online and in person and believe that as with all things topical the spammers are taking note of this."
Chapett said that Barracuda is seeing phishing emails that take users to malicious websites, as well as emails that ask them to download attachments that are in the form of Zip or Word files.
In addition to spoofing a wider array of retailers, the volumes of the campaigns are also on the increase.
"Currently we are seeing an increase of around 2 to 3 percent year over year," Chapett said.
As always, users are urged not to click on links or open attachments but to visit the actual sites of the retailers where they made their purchases to check on order or delivery details.