A new spear-phishing campaign targeting business executives shows that Internet scammers hope a little flattery can go a long way.
The "Top 100 Executives" scam, as revealed on the anti-virus firm Bitdefender's HotforSecurity blog, lures professionals into parting with personal information, such as phone numbers, email addresses and job titles, by appealing to the executives' vanity.
Victims of the scam receive an email from "Top 100 Executives Magazine of 2013 Magazine," a fake publication that claims to be compiling a list of the most distinguished men and women in business.
The email contains a link to a "Registration Form" on the Top 100 Executives website. The site requests a bevy of personal information from victims, including their business, mobile and home phone numbers, company name and job title and description.
Once a victim enters this sensitive information, it is sent to cybercriminals, who can use it to commit identity theft or, even worse, create fake emails that pretend to come from the executive.
Fake business emails are a prime way for malicious hackers and cyberspies to break into organizations. Many successful corporate network penetrations have started with a phony email that prompts the recipient to open a malicious attachment — and what better way to get a low-level employee to open an email than to make it look like it comes from his boss?
As with most phishing scams, the Top 100 scam uses a few tried-and-true tactics to get victims to part with their personal data.
For one thing, the scam appeals to the victims' vanity, claiming that only the "most accomplished and distinguished men and women" are considered for the "honor" of being included on the fraudulent company's list.
The scammers also try to trick professionals into giving up their credentials as quickly as possible, claiming that they have previously attempted to contact the victim and warning them that the email is their "final notice." This appeal to urgency is a typical component of most phishing scams.
Facebook, a popular venue for conniving phishermen, is also host to a recent scam targeting users with professional profiles. Much like the Top 100 Executives scam, the "Fan Page Verification Program" bears the phishing hallmarks of appeals to vanity and urgency.
Other "vanity appeals" involve creating a malicious Web page full of information about a high-profile individual, such as a top business executive, in the expectation that the executive will Google his own name periodically and click on anything new that comes up.
To avoid falling victim to such scams, use your head. Don't click on Web links embedded in email messages from people you don't know, even if they've emailed you at work. Use and update a robust anti-virus program, one that screens your browsers for malicious links.
And, last but not least, don't let your ego get in the way of your common sense.