A security vendor reports that fake emails are getting harder to spot, as cyber criminals become more effective at spreading malware and stealing passwords.
Criminals are crafting increasingly realistic emails using local brands and logos to impersonate postal companies, tax and law enforcement agencies and utility firms, according to security vendor Sophos.
The messages purport to be shipping notices, refunds, speeding tickets, electricity bills and so on, and are increasingly sent selectively so that people normally receive messages that appear to be from organisations in their own country. In some cases, malware is being programmed to target or avoid users in particular countries, as determined by language or keyboard settings.
The results are "more believable, highly clickable and therefore more financially rewarding to the criminal," according to Sophos.
And one of the old 'sniff tests' for bogus emails – the presence of spelling or grammatical errors – is becoming less effective: Sophos has seen a rise in well-written and perfectly punctuated spam.
"You have to look harder to spot fake emails from real ones," said Chester Wisniewski, senior security advisor at Sophos. "Being aware of the tactics used in your region is becoming an important aspect of security."
While vigilance is still essential, it's all too easy to open a message that looks realistic and then be tempted to follow a link or open an attachment. Consequently, running good security software is an increasingly sensible move.