Recently I’ve been receiving a lot of email in Russian. I don’t know why, does anyone? If it is spam, it’s not very effective, because I can’t read it. Would be nice if my email provider gave me a way to auto-spam all email that was in a language I didn’t have a hope of reading.

I’ve received another interesting pair of emails on the same tactic. These are standard trojan/phishing attacks, but the tactic of the email is new:

Bank of America Warning:

Automatic Installation failed for Bank of America certificate component. The only thing you can do at the moment is to install the 4.12.2009 version from our website. That is the same application with the new publisher certificate.

Proceed for further information:
[evil URL removed]
Sincerely, Tracey Devine. Customer Service Department.
2009 Bank of America Corporation. All rights reserved.

Has security come so far, that the average user would realize that having up-to-date digital certificates could affect their security? Or, is it just another random tactic to see what might work?

One thought on “New spam tactics

  1. Walt says:

    I think it’s the opposite – the scammer banks on the hope that the mark knows *nothing* about certificates and will just blindly install the root cert without realizing what a horrible mistake they’re making. I believe this is still a pretty safe bet.

Comments are closed.