Network Security Blog

Cyber Criminals Remain One Up on Corporates


Cyber criminals always find inventive ways to lure gullible victims into making that fatal click which downloads malware onto their systems. Of late, they seem to have found a way around the now familiar advice not to click on links from unknown senders.

Researchers at the SANS Internet Storm Center (ISC) have uncovered a flurry of malicious emails that appear to come from outsourced payroll management providers offering their services to the recipients. In reality, cyber criminals are abusing the names of such well-known companies to lure unsuspecting corporate payroll administrators into clicking on links in these emails.
One company that the criminals are particularly fond of masquerading as is Automatic Data Processing (ADP), a fairly large US based outsourcing provider with 600,000 clients.

In the last two weeks, four different variants of rogue emails claiming to come from ADP have done the rounds. In one of the recent variants, the rogue email sent to ADP’s customers claims that the digital certificates used to access the services are about to expire, and asks the recipients to renew them by clicking on the provided link. The link appears to point to ADP’s website but actually leads to a fraudulent site that tries to exploit weaknesses in outdated browser plug-ins and infects the system with malware. The usual advice of refraining from clicking on suspicious links falls flat in this case.

Here, the sender appears to be someone familiar to the recipient, someone the recipient exchanges emails with on a daily basis. Worse, the criminals seem to have devised a way to encode the malware so that it slips under the radar of most antivirus suites. The only solution is for payroll administrators and others to take the time and effort to learn what a genuine email from the legitimate service provider looks like, and to look for suspicious signs in any incoming email.
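One of the signs worth checking automatically is the trick described above: a link whose visible text names the provider's own site while the underlying href points somewhere else. As an added defensive example (not code from the original post or from SANS ISC), the Python below parses an email's HTML body and flags such mismatched links. The sample message is constructed for illustration, modelled on the certificate-renewal lure, and is not a real ADP email; the hostnames in it are placeholders.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message modelled on the lure described above (not a real ADP email).
SAMPLE_EMAIL = """\
From: ADP Client Services <security@adp.com>
To: payroll@example.com
Subject: Digital certificate expiration notice
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your ADP digital certificate is about to expire.</p>
<p>Renew it here: <a href="http://adp-renewal.example.net/cert">https://www.adp.com/certificates</a></p>
<p><a href="https://www.adp.com/support">ADP support</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase host of a URL-like string, or None if the text is not a URL."""
    if "://" not in value:
        return None
    return (urlparse(value).hostname or "").lower() or None

def find_mismatched_links(raw_message):
    """Return hrefs whose visible text shows a different host than the real target."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkCollector()
    parser.feed(body.get_content())
    return [href for href, text in parser.links
            if host_of(text) and host_of(href) and host_of(text) != host_of(href)]
```

A plain-word anchor such as "ADP support" is not flagged, since its text names no host; only visibly URL-like text that disagrees with its href is reported.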

Reference: http://isc.sans.edu/diary.html?storyid=13840
