Phishing, with a side of Swine Flu

I just read the following on the MSNBC web site:
(http://tinyurl.com/msnbc-phishing-swine-flu)

Phishing with Swine Flu as bait

Phishers and spammers have caught Swine Flu fever and are exploiting fears around the outbreak to try to sell pharmaceutical products or steal information, security experts said Tuesday.

The e-mail scams have a subject line related to the Swine Flu and typically contain either a link to a phishing Web site or an attachment that contains malicious code, the US-CERT said in an advisory. (Read More…)

Stuff like this reminds me how evil some people can be, and how ubiquitous email has become. Let’s be clear, these types of attacks always happen through email. Not through websites. Not through your fax machine. Not via instant messaging (IM), or SMS. These attacks don’t reach you via your cell phone, and these attacks don’t arrive via FedEx or UPS. Its ALWAYS via email.

For the last decade companies like Microsoft, Cisco, Symantec, Google, McAfee, Trend Micro, Sonic Wall, Barracuda Networks, etc. have made (and spent) billions of dollars trying to convince us they know what they are doing when it comes to the security of our email. How much longer, and how many more exploits like this one, is it going to take before people realize that email, the original social networking application, deserves to be secured the same way Facebook, Twitter, LinkedIn, AIM, and Plaxo are secured?

Isn’t it time, once and for all, for authenticated email to take the main stage? What is everyone so afraid of? Threat free email is available, today, and is currently in use by millions of people and thousands of companies around the world.

It is time to stop the insanity. Continuing to do what you’ve always done (filtering your email) will always yield the mediocre results you are seeing today.

Fake Obama News

An article that caught my attention this morning by Brian Prince of eWeek (http://www.eweek.com/c/a/Security/Malicious-Sites-With-Fake-Obama-News-Trying-to-Build-Botnet/) details the latest in e-mail security attacks:

“Spammers are luring victims to a malicious site with false reports by President-elect Barack Obama. The spam is being sent out by the Waledac botnet, which security researchers say is a reincarnation of the infamous Storm botnet.”

These types of attacks are bound to increase until people realize, once and for all, that unauthenticated e-mail = unsafe e-mail. I feel badly for people that are falling victim to these sorts of attacks, however, the bad guys will continue to exploit the instant gratification mentality so prevalent today that causes people to open/read e-mails before they look to see from whom they are sent. Under no circumstances should anyone ever open an email from an un-authenticated sender. Until organizations and service providers, large and small, realize this fact and implement systems to enforce true person-to-person e-mail authentications we should expect to read an ever increasing number of stories much like this one.