Qantas email scam plays on human vulnerabilities: IDC
- 11 December, 2012 13:54
A Qantas email scam, which contains malware, shows that humans are still the “most vulnerable vector” for cyber criminals to target, according to a security analyst.
Qantas has issued a warning about the seat selection fee receipts scam emails. According to the airline, the emails can easily be spotted as fakes because they include inaccurate amounts paid for selection and include an attachment which is understood to contain malware.
“Recipients of the email are being advised not to click the links or download the attached files. We also recommend that recipients run up-to-date security software on their PC and regular virus scans to help protect against security threats,” a Qantas spokesperson said in a statement.
The Qantas spokesperson added that its subsidiary Jetstar warned customers about scam emails featuring fake itineraries which came to the airline’s attention during the first week of December.
IDC Australia senior market analyst Vern Hue said that email scams are still “very prevalent” as they are profitable for scammers preying on unsuspecting victims.
“I believe that the human is the most vulnerable vector that cyber criminals target,” he said.
“Although the security solutions available in the market can detect a large amount of malicious content, the truth is that some of them will manage to evade detection.”
According to Hue, it is then up to the person who receives the email to make the right judgement on the authenticity of it and take the right security measures.
“From a business angle, proactive steps, such as engaging in external threat monitoring and cyber intelligence is a useful tool that proactively seeks out threats against organisations, and in this case, cyber fraud.”
However, he pointed out that the vast majority of cyber fraud threats target end-users and urged organisations to step up their investments in security awareness and education programs.
“This has to be treated not from a user policy perspective, but done in a very practical level to ensure the users know that their actions can make a difference,” Hue said.
Aside from ensuring that anti-virus, anti-malware and anti-spyware products are kept up-to-date, he said that end users should patch applications and the operating system they are running.
“Some other measures like using different security providers can help deter these attacks,” Hue said.
“The key here is to have a layered approach in safeguarding your IT environment.”
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Assessing IP Telephony Total Cost of Ownership
Understanding total cost of ownership (TCO) of IP telephony (IPT) and unified communications (UC) implementations is critical to sound decision making. Based on data gathered from 211 Enterprises, this whitepaper reveals TCO for each vendor across a range of implementation sizes.
Pathways Course Curriculum 2014
Developed by the CIO Executive Council, Pathways is a unique, flexible, self-managed, self-paced 12-month professional development program that brings together best practices, thought leadership and business insights for today’s most promising ICT professionals. Pathways is designed and delivered by leading local and global CIOs; enabling participants to capitalise on mentor CIOs personal experiences, expertise and knowledge.
Pathways Leadership Development Program Overview 2014