My Brand Book | First brand Book On ICT Industry | Brand Book Video | Star Nite Awards | india IT Industry | india telecom industry | information technology | latest News magazine | First Brand BOok on ICT industry | Coffrr Book on ICT industry | Top IT Magazine in India | IT Magazine in India | Online computer magazine india | PC magazines India | It Distributors in india | popular IT magazines in India | IT channel magazine india | Indian computer magazines | IT news magazine India | Latest Computer Technology News Magazine India | Latest Information Technology Updates India | Latest Computers Technology Updates India | Popular IT News Magazine India | Computer technology news magazine articles | Computer technology magazine pdf | Pc magazine pdf free download | Information Technology News | Latest Computer Technology news | Looking for latest IT news | IT News | Computer Technology News | Online Technology Newspaper free download | Computers and information technology articles | Latest IT News | Latest SMB News | IoT

Open Enrollment Signals Open Season for Spammers
Open Enrollment Signals Open Season for Spammers

Anshuman Singh, Director,
Product Management of Application Security,
Barracuda Networks

Spam is big business all year long, and it never goes out of season.  Unfortunately, spammers do kick things into high gear during the fall.  This is when people are buying gifts, thinking about how to get money to buy gifts, or opening holiday E-Cards that aren’t really from friendly people.  Spam tends to increase during this time, just because there’s more opportunity when people are in the holiday spirit.

Fall is also the time of year when insurance companies allow businesses and individuals to adjust their health and life insurance coverage.  This is known as Open Enrollment, and spammers come out in force to try to take advantage of this well-known event.

Barracuda Central, our 24×7 advanced security operations center, has detected an increase in health and life insurance spam over the last few weeks.  We have picked up several hundred examples of these emails since October. These particular spam messages use names of real insurance companies, such as AIG, Fidelity Life Insurance, and Medicare.  The messages have generic subject lines such as “Open Enrollment is here!” and “Now is the time to change your plan.”

These messages are particularly crafty and made to look as real as possible. Not only are the spammers using legitimate names of health and life insurance companies, they are also using images and wording that is close, and sometimes almost identical to the real advertisements from these entities. These “insurance” emails try their best to look convincing and lure the recipient to open them by promising a free quote for insurance plans. Some emails are so convincing, going so far as to even use the company name in the sending domain.

 If the email is convincing enough and the recipient clicks on the false “free quote” link, they will notice their internet browser redirects a few times to sites that never fully load, the redirecting of the browser sometimes happens so rapidly that it can go undetected. The recipient eventually ends up at a website that is affiliated with giving insurance quotes…sometimes even to the actual insurance sites.

So what’s the point of this type of spam?  By clicking on the fraudulent links included in these types of scam emails, spammers can harvest information from a recipient like their full legal name, social security number, and credit card information, basically anything you share online. Spammers can identify the users who open these messages, which allows them to create additional emails used for “social engineering.”  Social engineering is defined by TechTarget as “a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.” Social engineering is one of the biggest threats faced by organizations today, because it takes advantage of human mistakes rather than technical vulnerabilities.

Fortunately there are ways to avoid being victimized by this type of spam message. The most important step you can take is to always double check the sending domain of any email you receive about health insurance. Do not open any insurance-related email that was sent from a domain that ends in “.xyz” or any unfamiliar or strange domain name.  Instead, contact your provider directly and let them know about the email you received and if any action is actually required on your part. By flagging this email to your provider you might just help alert them to block this particular piece of spam and subsequently save an innocent user from being exploited.

LEAVE A REPLY