Qantas email scam plays on human vulnerabilities: IDC
- 11 December, 2012 13:54
A Qantas email scam, which contains malware, shows that humans are still the “most vulnerable vector” for cyber criminals to target, according to a security analyst.
Qantas has issued a warning about the seat selection fee receipts scam emails. According to the airline, the emails can easily be spotted as fakes because they include inaccurate amounts paid for selection and include an attachment which is understood to contain malware.
“Recipients of the email are being advised not to click the links or download the attached files. We also recommend that recipients run up-to-date security software on their PC and regular virus scans to help protect against security threats,” a Qantas spokesperson said in a statement.
The Qantas spokesperson added that its subsidiary Jetstar warned customers about scam emails featuring fake itineraries which came to the airline’s attention during the first week of December.
IDC Australia senior market analyst Vern Hue said that email scams are still “very prevalent” as they are profitable for scammers preying on unsuspecting victims.
“I believe that the human is the most vulnerable vector that cyber criminals target,” he said.
“Although the security solutions available in the market can detect a large amount of malicious content, the truth is that some of them will manage to evade detection.”
According to Hue, it is then up to the person who receives the email to make the right judgement on the authenticity of it and take the right security measures.
“From a business angle, proactive steps, such as engaging in external threat monitoring and cyber intelligence is a useful tool that proactively seeks out threats against organisations, and in this case, cyber fraud.”
However, he pointed out that the vast majority of cyber fraud threats target end-users and urged organisations to step up their investments in security awareness and education programs.
“This has to be treated not from a user policy perspective, but done in a very practical level to ensure the users know that their actions can make a difference,” Hue said.
Aside from ensuring that anti-virus, anti-malware and anti-spyware products are kept up-to-date, he said that end users should patch applications and the operating system they are running.
“Some other measures like using different security providers can help deter these attacks,” Hue said.
“The key here is to have a layered approach in safeguarding your IT environment.”
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
How to Switch From iPhone 5S to BlackBerry Z30 (and Why)
CIOs to Become In-House Brokers -- and That's a Good Thing
The future of computing
10 Hot Hadoop Startups to Watch
The future of computing
Transform IT, Transform the Enterprise
Existing IT operational models and an ageing infrastructure are CIOs back from their full potential. This paper reveals the three IT imperatives for a CIO-led transformation, and details how CIOs are adopting strategies to change IT and assert their organisations as business leaders and innovators.
Secure by design - How to dramatically simplify data protection, access control and other critical security tasks
This white paper examines how you can dramatically reduce the effort required to protect mission-critical information, while giving users fast, simple, flexible remote access that enhances business productivity.
Empowering Modern Finance - The CFO as Technology Evangelist
The CFO as Technology Evangelist is a research report commissioned by Oracle and Accenture, in collaboration with Longitude Research, that explores how modern CFOs and finance executives are adopting emerging technologies within their finance functions to enable the development of new capabilities and to transform the role of finance.