Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 29th, 2009

Phishing Experiment Bypasses All Anti-spam Filters

A recently conducted ethical phishing experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against.

The experiment emphasizes on how small-scale spear phishing campaigns are capable of bypassing anti-spam filters, and once again proves that users continue interacting with phishing emails.

The scenario was an invitation from Linkedin, posing as an invitation from Bill Gates to join his network. Linkedin was selected due to availability, and the fact that it is a social network recognized by most executives. The selection of Linkedin was also based on the fact that linked-in email should be already identified by most existing email system(s), and this may have helped delivery through into the mailbox.

The Phishing site was based on the Linkedin sign in page. The form action was changed so that the user would be redirected to a subsequent page on our site. No usernames or passwords were collected during this assessment. All targeted users were contacted before the phishing email was sent, and were expecting a Linkedin invitation from Bill Gates.”

A similar study was conducted by ethical phishing vendor in March this year, pointing out that based on the 32 phishing scenarios tested against 69,000 employees, people are less cautious when clicking on active links in emails than when they are requested for sensitive data. This behavior is not surprisingly cited by PhishCamp as a possible opportunity for the introducing of blended threats, similar to known cases where phishing and scareware sites were also serving client-side exploits.

With the average price for a thousand active Gmail, Yahoo Mail and Hotmail accounts decreasing due to the economies of scale achieved by the vendors of CAPTCHA-solving services, and the numerous tools available at the spammer’s disposal to take advantage of these accounts, in the long-term all spammers will start abusing the already established DomainKeys trust among the most popular free email service providers.

Credit: Security Blogs

Share this item with others:

More on CyberInsecure:
  • Scammers Avoid Spam Detection By Using Redirection In Adobe Flash Files And Free Hosting
  • Gmail Being Blocked By Some Anti-Spam Vendors
  • Yahoo! Groups Are Used By Phishers To Send Personalized Scam Emails
  • Phishing Attacks Doubled In UK
  • Google Docs Abused In Latest Spam Technique

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Phishing Experiment Bypasses All Anti-spam Filters

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.