ThreatList: Holiday Spam, the Perfect Seasonal Gift for Criminals

holiday spam cybersecurity

Consumers are much more likely to fall for spam during the season of giving.

Maybe holiday cheer makes people less cynical. If so, that explains why social-engineering spam tactics prove to be more effective during the festive season.

New research shows that spam campaigns disguised as delivery notifications or online shopping invoices, while always a favored tactic by criminals, work even better around the holidays. That’s largely because, among other factors, most people are in the giving mood, sending packages and receiving them – and letting their guard down as they get into the spirit of the season.

“The kind of spam that criminals use doesn’t seem so spammy to a lot of people this time of year. More people are just more open to the commercial messages spammers like to spoof, which makes individuals more vulnerable at home and at work,” said F-Secure’s behavioral science lead Adam Sheehan in a report released Wednesday. “Tests we performed using simulated Black Friday and Cyber Monday phishing emails saw about 39 percent more people click than similar tactics we use at other times during the year, which isn’t a trend we like to see.”

It’s also a function of basic human nature, the report postulates:

Holiday Spam

“Online criminals are also behavioral scientists in their own right. They know we’re inclined to click first before we ask questions because we like to nurture our own fantasies about the gifts we might receive while also refraining from questioning others to keep from spoiling a surprise.”

Researchers point to spam as the most common method for cybercriminals to spread malware overall in 2018, accounting for nine out of every 10 infection attempts throughout the year. Roughly 69 percent of spam campaigns attempted to trick users into visiting malicious URLs to download a malware-laden file or committing another online action that results in an infection. Malicious attachments were used in the remaining 31 percent of campexample of Holiday Spamaigns.

Also, the majority of observed spam campaigns target users in Canada, E.U., Japan and the U.S., the firm said.

As far as payloads, downloaders, bots and backdoors account for 52 percent of malware delivered through spam, followed by banking trojans (42 percent) and then ransomware (six percent). Overall, the Emotet, Trickbot and Panda banking trojans are the most frequently seen malware families delivered through spam.

F-Secure researcher Patricia Revilla-Dacuno however noted that these trends have to be put into context.

“It’s true that we see less ransomware as the main payload in these spam emails, but it’s still frequently delivered as a follow-up payload by backdoors or bots,” she explained. “Infection chains are becoming more complicated and the Emotet banking trojan, which is fairly common, has evolved into a credential stealer and downloader, and now used in different ways for a variety of schemes.”

She added, “A couple of years ago we could have confidently pointed to ransomware as the big issue, but now there’s more of a variety of threats to watch out for.”

Interestingly, the research also indicated that the decline of exploit kits is continuing. The number of active exploit kits declined from six in 2017 to four in 2018, and has decreased by 87 percent since 2013.

Anyway, here is to holiday cheer. May it, at least, take the edge off impending in-law visits.


Suggested articles