The official-looking message claims that the recipients' company has made numerous misrepresentations regarding worker classification in an attempt to fraudulently lower workers' insurance compensation costs.
The e-mail then asks the recipient to fill out an attached form and fax it to NPRC fraud department in order to resolve the issue. However, instead of a legitimate form, the attachment contains a Trojan downloader with a malicious Windows executable file.
The NPRC posted an advisory on its Web site warning visitors to be wary of the attack. In an effort to appear legitimate, the email contains the NPRC banner. "This email was NOT sent or authorized by NPRC, and is NOT associated with NPRC. It likely contains malware or viruses that could harm your computer if you click on any links contained in the email or open any attachments," the advisory states.
The attack was discovered by San Diego-based Websense, specializing in Web, data and messaging security. Security experts contend that these kinds of phishing attacks are not as popular as they were in previous years.
"E-mails containing attachments are what we used to see in the past," said Stephan Chenette, Websense Security Labs manager. "We're seeing a lot less these days."
Chenette said that security trends indicate that attacks are increasingly occurring through malicious Web 2.0 applications. However, often users are brought to sites that contain malicious code after being enticed with a socially engineered e-mail message.
"Social engineering attacks will always be successful. They're banking on how users handle a particular scenario," he said. "In this particular case it was quite successful."
The NPRC attack is similar to previous highly publicized scams that have claimed to originate from governmental and nonprofit organizations such as the IRS, Better Business Bureau and the Department of Justice.
Security experts recommend that corporations invest in software that can monitor the Web sites visited by their employees.
"And home users just have to be knowledgeable," said Chenette.
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center
| • |
| • |
| • |
| • |
| • |
| • |
| • |
|
|
