We examined the contents of Kasperskys CEOs spam folder to find out what spammers and phishers think might entice him.
We all get masses of spam in our personal and work inboxes every single day. It ranges from harmless invitations to conferences well never attend and ads for goods and services to not-so-harmless fake messages about winning a lottery or requests for help, usually in the form of a money transfer. Spammers write to everyone: students, housewives, CEOs.
We decided to take a look at what finds its way into the mailbox of the head of Kaspersky, and how the spam in his mail differs from the average. Of course, Eugene himself never sees most of these messages they are automatically sent to the trash.
Some stats
We divided the spam in Eugenes mailbox into several categories. The largest category (roughly a third of all messages) was B2B spam. That includes commercial offers from companies, invitations to conferences, and requests for a meeting or phone call.
In second place were phishing attempts to extract Eugenes personal information.
In third place were advance-fee scams messages claiming to be from the lawyers of alleged relatives and other far-flung benefactors hoping to share millions of dollars with him.
Common business spam
Unsolicited advertising for B2B services and events is a fairly harmless form of spam. Many e-mails in this category are genuine commercial offers, invitations to conferences, and the like.
Some of them might even be of interest to Eugenes colleagues, but he himself usually only attends major industry events. Besides, he couldnt process so many business proposals even if that was all he ever did with his time. Therefore, such messages end up in the spam folder.
Business spam is often personalized: the authors stress that the offer is unique to the Kaspersky CEO and refer to him by name. But that does not redeem them in the eyes of the spam filter.
Among the B2B messages, however, are some that look more like spam proper than misdirected proposals. For example, the authors of the e-mail in the screenshot below warn Eugene that this is his last chance to register for a webinar. Theyre obviously hoping to create a sense of urgency.
Phishing
The personal data of top-level managers is highly prized, so Eugene gets far more phishing spam than other users. For example, the message below looks like a voicemail notification. Unsurprisingly, to listen to it, Eugene would have to enter his account credentials.
Nigerian spam
Eugene also gets more advance-fee scam e-mails than the average user. The offers include not only inheritances, but also, for example, the payment of alleged substantial debts owed to his company. Most likely, the fraudsters hope that the CEO of a global company will think nothing of paying a small amount up front to engage an intermediary, which is what such messages usually boil down to.
Fundraising
Another type of spam worth mentioning is e-mails about raising money for supposedly sick relatives. Why supposedly? Well, a search for the card number for receiving donations revealed that its owner had a dozen sick children and an entire menagerie of ailing animals. As a company that supports many charity projects, we know how to evaluate them.
Ransomware
Another thing that winds up in Eugenes spam is outright blackmail. But whereas the average user is commonly threatened with the disclosure of personal secrets, our CEO is menaced with threats of data leakage. Heres one such example: Your computer was infected by my team and we were able to access both it and your data. If you want everything to remain secret, we strongly recommend that you transfer $200 to our bitcoin wallet.
There was, of course, no infection.
E-mails from strange people
A separate category of spam in Eugenes mailbox is made up of messages that we usually call e-mails from strange people. These are messages in which the sender spills their guts, goes overboard with the threats (respond-or-the-puppy-gets-it style), or makes what they clearly think is a great offer.
For example, among other things, we found an e-mail entitled Homeless people will go to jail instead of you and offering Eugene, the head of a major international company, a fake passport.
Some tech lover told our CEO that an inventor from Kentucky created something that had even the White House aflutter:
Meanwhile, the author of this next message fears that someone is stealing his data through mobile TV and various radio frequencies, and confuses our head with a competitor.
The imagination of some supplicants is enviable, but that does not save their carefully crafted compositions from the jaws of the spam folder.
Coronavirus spam
Like any popular topic, the coronavirus pandemic was and is a spam magnet. In Eugenes spam folder, we found ads for masks, personal ventilators, virus-related online seminars and conferences, and much more.
We found e-mails about the pandemic in all major spam categories, be it B2B, advance-fee scam, messages from Chinese factories, or any other garbage. Analysis of all recent unsolicited e-mails reveals that more than half are associated with coronavirus.
Barking up the wrong tree
A rummage through our CEOs trash folder turns up seminars for accountants, promises of easy money, and ads from stores trying to attract customers. Such messages are sent to everyone and his dog, so its not surprising that Eugene receives them too.
Eugene gets even more spam than most people do, however, for several reasons. For one thing, the CEOs business e-mail address is easy to find, and those who use it include people who genuinely want to reach out to the company but dont know who the proper contact person is.
And for another, there seems to be a certain thrill in attacking someone whose very name is synonymous with fighting cybercrime. Whats more, if an attack on the guy at the top were to succeed, the profits would be phenomenal. At least that seems to be the thought that motivates scammers and spammers to keep clicking the send button.
We all get masses of spam in our personal and work inboxes every single day. It ranges from harmless invitations to conferences well never attend and ads for goods and services to not-so-harmless fake messages about winning a lottery or requests for help, usually in the form of a money transfer. Spammers write to everyone: students, housewives, CEOs.
We decided to take a look at what finds its way into the mailbox of the head of Kaspersky, and how the spam in his mail differs from the average. Of course, Eugene himself never sees most of these messages they are automatically sent to the trash.
Some stats
We divided the spam in Eugenes mailbox into several categories. The largest category (roughly a third of all messages) was B2B spam. That includes commercial offers from companies, invitations to conferences, and requests for a meeting or phone call.
In second place were phishing attempts to extract Eugenes personal information.
In third place were advance-fee scams messages claiming to be from the lawyers of alleged relatives and other far-flung benefactors hoping to share millions of dollars with him.
Common business spam
Unsolicited advertising for B2B services and events is a fairly harmless form of spam. Many e-mails in this category are genuine commercial offers, invitations to conferences, and the like.
Some of them might even be of interest to Eugenes colleagues, but he himself usually only attends major industry events. Besides, he couldnt process so many business proposals even if that was all he ever did with his time. Therefore, such messages end up in the spam folder.
Business spam is often personalized: the authors stress that the offer is unique to the Kaspersky CEO and refer to him by name. But that does not redeem them in the eyes of the spam filter.
Among the B2B messages, however, are some that look more like spam proper than misdirected proposals. For example, the authors of the e-mail in the screenshot below warn Eugene that this is his last chance to register for a webinar. Theyre obviously hoping to create a sense of urgency.
Phishing
The personal data of top-level managers is highly prized, so Eugene gets far more phishing spam than other users. For example, the message below looks like a voicemail notification. Unsurprisingly, to listen to it, Eugene would have to enter his account credentials.
Nigerian spam
Eugene also gets more advance-fee scam e-mails than the average user. The offers include not only inheritances, but also, for example, the payment of alleged substantial debts owed to his company. Most likely, the fraudsters hope that the CEO of a global company will think nothing of paying a small amount up front to engage an intermediary, which is what such messages usually boil down to.
Fundraising
Another type of spam worth mentioning is e-mails about raising money for supposedly sick relatives. Why supposedly? Well, a search for the card number for receiving donations revealed that its owner had a dozen sick children and an entire menagerie of ailing animals. As a company that supports many charity projects, we know how to evaluate them.
Ransomware
Another thing that winds up in Eugenes spam is outright blackmail. But whereas the average user is commonly threatened with the disclosure of personal secrets, our CEO is menaced with threats of data leakage. Heres one such example: Your computer was infected by my team and we were able to access both it and your data. If you want everything to remain secret, we strongly recommend that you transfer $200 to our bitcoin wallet.
There was, of course, no infection.
E-mails from strange people
A separate category of spam in Eugenes mailbox is made up of messages that we usually call e-mails from strange people. These are messages in which the sender spills their guts, goes overboard with the threats (respond-or-the-puppy-gets-it style), or makes what they clearly think is a great offer.
For example, among other things, we found an e-mail entitled Homeless people will go to jail instead of you and offering Eugene, the head of a major international company, a fake passport.
Some tech lover told our CEO that an inventor from Kentucky created something that had even the White House aflutter:
Meanwhile, the author of this next message fears that someone is stealing his data through mobile TV and various radio frequencies, and confuses our head with a competitor.
The imagination of some supplicants is enviable, but that does not save their carefully crafted compositions from the jaws of the spam folder.
Coronavirus spam
Like any popular topic, the coronavirus pandemic was and is a spam magnet. In Eugenes spam folder, we found ads for masks, personal ventilators, virus-related online seminars and conferences, and much more.
We found e-mails about the pandemic in all major spam categories, be it B2B, advance-fee scam, messages from Chinese factories, or any other garbage. Analysis of all recent unsolicited e-mails reveals that more than half are associated with coronavirus.
Barking up the wrong tree
A rummage through our CEOs trash folder turns up seminars for accountants, promises of easy money, and ads from stores trying to attract customers. Such messages are sent to everyone and his dog, so its not surprising that Eugene receives them too.
Eugene gets even more spam than most people do, however, for several reasons. For one thing, the CEOs business e-mail address is easy to find, and those who use it include people who genuinely want to reach out to the company but dont know who the proper contact person is.
And for another, there seems to be a certain thrill in attacking someone whose very name is synonymous with fighting cybercrime. Whats more, if an attack on the guy at the top were to succeed, the profits would be phenomenal. At least that seems to be the thought that motivates scammers and spammers to keep clicking the send button.
Aucun commentaire:
Enregistrer un commentaire