There are more and more people interested in using their computer knowledge to “attack” potential companies and organizations.
The study reveals that registration, subscription and / or comment forms on legitimate and trusted company websites are increasingly used by hackersin the form of engaging in attacks by spam e Phishing. Not only the safety of users but the reputation of companies can be put at risk.
The main objective of this type of invasion is the introduction of spam or links from Phishing in the registration confirmation emails sent through the companies.
Given this, in order not to be barred by content filters that already exist on the internet, they try to send emails they send from a legitimate source, usually from an entity that the recipient knows relatively well, preventing them from being somehow , ignored.
What is certain is that this process raises a huge challenge for the business entities involved. THE spam or malicious content, apparently sent on your behalf, could compromise customer trust. In addition, it gives rise to numerous security breaches to customers' personal data.
But after all, how do the Spam and Phishing?
It is true. This is a fairly simple and effective method. Almost every company is currently striving to achieve high levels of interaction regarding the receipt of comments / criticism from its customers with a view to improving the quality of service, loyalty levels and criteria and reputation. in the face of competition.
One of the techniques used is based on direct request to consumers to create a personal account on the company's website / portal to subscribe to newsletter correspondent or in communication via forms. Sending questions or writing criticisms and suggestions are precisely the mechanisms by which hackers take advantage, as they all require entering your name and email before they can receive a confirmation message or answer your questions.
According to Kaspersky researchers, hackers incorporate content from spam and links from Phishing to these emails. In this way, website sends a modified confirmation message to the email that was given, already with an ad or link from Phishing at the beginning of the text instead of the name of the recipient.
Filipengine recommends to all persons and entities with website often check all processes of direct communication with customers by, for example, putting themselves in their place and performing normal registration actions on platforms.