Using current news events in spam and malware campaigns is nothing new. In fact we see it with most major tragedies or events. This time around the topic is the Ebola virus. We’ve been seeing both spam and virus campaigns using Ebola as a topic to get the readers attention, with one malware campaign even claiming to be from the World Health Organization. With this one claiming to have information on how to stay safe about diseases around “that you know nothing about”.
Most of the spam coming in seems to be using Ebola as a click bait in the message, rather than focusing the spam specifically on Ebola. Messages coming in with subjects claiming to have breaking news on Ebola or others claiming they have cures. Some even trying to sell Ebola survival guides. Using a popular news topic in spam is a common tactic since people are more likely to have heard about the messages alleged content. Usually with the message being formatted in such a way that it is going to provide you with information you may not know yet. Sometimes even looking like legitimate news agency emails. From there it makes it easier to deliver a payload or to try and get a user to click on some link in a message to take them elsewhere. In the recent campaigns, most of the spam with links in them take you to websites that don’t even mention Ebola. They are just using it’s popularity in the email message to get users to click on links and get their attention for products they are trying to get you to buy.
Due to Ebola’s popularity at the moment, it can make it harder for a user to determine if a message is actually spam or if maybe it is something they are interested in like legitimate news. This is when it’s best to remember some good practices of safe email use.
- Check who the message is coming from – This can show sometimes if a message is coming from an account you don’t recognize. This may not always be a reliable tactic since a From address can be spoofed, but it can make it easier to weed out the obvious fake emails.
- Look where a link may take you - In almost every mail program, you can hover your mouse over a link and see where it’s taking you. Often you can see right away if a link looks legitimate or not. If you get an email from an American news agency about a miracle Ebola cure but it’s leading you to a a foreign website or a website you’ve never heard of, it’s probably safe to not click the link.
- Always be wary of attachments – This goes for pretty much any attachment. Some of the commonly abused file types are .exe, .scr, .com, and .pif for malware. There are many other attack vectors in programs for malware to use as well though. So if you get attachments from unknown senders at all, it’s best to take as much caution as you can such as scanning the file with web tools or you local antivirus. A side note to add is to also be aware of double extensions. By default in Windows OS, a known file extension is not shown. Sometimes malware authors will create and zip a virus such as “Invoice.pdf.exe”. When saved and extracted to a computer, most users will just see “Invoice.pdf” making it look legitimate.
Keeping a close eye on the email content you look at can save you from falling in to a phishing scam or installing a virus. But using email filtering and keeping antivirus up to date is equally important in protecting users and should shield most users from these types of spam and attacks.