FTC Spam Targets Businesses
A new spam is targeting businesses, claiming to be from the Federal Trade Commission (FTC). The spam campaign was reported last week by Salted Hash – a security news source. According to Salted Hash, a number of businesses have reported receiving spam that looks like an internal email that is a response to something the spam recipient previously sent. The subject is insurance documents with a link in the email. The intent of the email is to get recipients to click on the link.
The linked website does not seem to have anything malicious on it. However, the criminals are logging responder information – the email address and IP data.
The recipients have reported receiving a second email, claiming to be a FTC subpoena. The email includes a link but this linked website also does not have anything malicious on it. The sole purpose seems to be a way the criminal is harvesting recipients’ email addresses and IP data.
According to the Salted Hash article, thousands of people have clicked on the link. People from government, medical, legal, education, automotive, as well as financial institutions have clicked the link.
What you can do
Share news of this latest spam campaign with you staff. Set protocols on how your staff should handle emails purported to be from any government agency. If the email looks strange, don’t click on it. Search the internet for the customer service contact for the agency and ask if they truly sent such an email.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.