Mass market brands and applications such as Adobe are highly tempting to “phishers” who perpetrate online scams through phony email solicitations of personal consumer data, according to The Fraud Practice, LLC.
It is easy for scammers and fraudsters to set up and perpetrate phishing scams online using common, well-known applications. For phishers, finding brand and application affiliations that have sufficient market appeal is critical to the overall success of their campaigns.
This draw to mass market appeal means brands and applications, like Adobe, with large user bases or high adoption rates are more likely to be targeted for phishing scams. In its biweekly fraud prevention newsletter, The Fraud Practice listed the top five reasons that Adobe in particular is a popular application with operators of phishing scams.
Top 5 Reasons Phishers Target Adobe
1. Large wide-scale adoption provides a large potential consumer base: This means there is higher probability that a random user who receives the email will know what Adobe is.
2. The Adobe Reader is a general use, freeware application: The phisher doesn’t need to find a “paying” or “existing” customer in order for the brand affiliation to have meaning to the victim.
3. The Adobe Reader is distributed via links on third-party websites to “go and download” the software: Using Adobe graphics, the phisher can embed and copy the landing experience easily, masking their activity. Exasperating the problem is the fact that unlike a banking relationship where a consumer may be familiar with a URL path to their bank, in this case most consumers would not suspect anything wrong with a URL that didn’t clearly indicate Adobe.
4. Fraudsters know that many consumers have the reader installed: The Adobe brand can be used to directly target those users to respond to a phishing email in order to exploit known weaknesses in the Adobe reader software.
5. Fraudsters can make themselves look like Adobe Reader download sites: Phishing scam operators can replicate the Adobe installation experience, actually loading the application, while wrapping malware in with the installation.
For companies, The Fraud Practice advises it is in their best interest to understand and manage the risk of having their brand associated with large scale phishing and point-of compromise attacks.
Phishing On the Rise
Phishing attacks are on the rise, according to a previous report from The Fraud Practice. In its list of the top 10 fraud trends for 2010, The Fraud Practice included increased occurrence of phishing attacks. These attacks are becoming more sophisticated, and increased 600% during 2009, according to the Anti Phishing Working Group.