Make TBO Your Home Page| Subscribe To The Paper| Advertise With Us| Contact Us| Login| Edit Profile| Register
Business
Email
Print
New spam attack targets Social Security numbers
ADVERTISEMENT
Published: November 27, 2009
A team of anti-spam warriors at the University of Alabama at Birmingham has discovered a new weapon in the online bad guys' arsenal.
The new spam campaign uses false e-mails that resemble messages from the U.S. Social Security Administration. The phony messages can steal Social Security numbers and download malware onto victims' computers, says Gary Warner, director of computer forensics at UAB.
Warner and his team in the UAB Spam Data Mine made the discovery just this Monday.
Whoever is behind the new spam attack appears to be trying to capitalize on the nation's widespread economic fears. The phony come-on promise Social Security payouts and tax breaks to victims who sign in at the criminals' fake Web pages, according to Warner.
The spam messages tell potential victims there are errors with their Social Security statement then asks them to link to the false pages, which are made to look like the Social Security Administration Web site. The false pages ask users to enter their Social Security numbers before prompting them to download their fake statement.
"The reality is that the download is actually a virus capable of stealing personal information, including bank passwords, from home computers," Warner said. "So once you have completed the login and download, the cyber criminals not only have your Social Security number, they also have infected your computer with serious malware that enables them to steal information and raid your bank and other accounts."
The UAB Spam Data Mine uncovered the new Social Security scam Nov. 23 during its daily routine searchers for the top spam campaigns. The team conducts its spam sweeps every 15 minutes because of the high volume of bogus e-mails arriving in the data mine's inboxes each day.
In response the latest spam attack, Warner is reminding computer users that no legitimate company or agency would ever ask users to update or review records via e-mail. Instead, they would request they do so only through that company's own Web site. E-mails requesting account updates should not be considered legitimate, he said.
More information about the Social Security spam campaign and how the UAB Spam Data Mine was able to uncover it is available on Warner's blog, Cyber Crime and Doing Time, at http://garwarner.blogspot.com/.
Email
Print
ADVERTISEMENT
Advertisement
TBO.com - Tampa Bay Online ©2010 Media General Communications Holdings, LLC. A Media General company. Member Agreement | Privacy Statement | Work With Us
