Adult phishing scams go social
Symantec’s January State of Spam and Phishing report has highlighted that an astounding 92 percent of adult phishing scams are now taking place on social networking sites. The report has also highlighted a new trend in adult-oriented phishing which tempts users to enter personal credentials in return for free pornography. Once the site has this data, users are redirected to a pornographic website that then leads to a fake antivirus website containing malicious code.
The report also showed a high volume of Haiti-related spam and phishing in January 2010 as spammers used the tragic event for their benefit. Unsurprisingly, Valentine’s-related spam was also high in January; however, it failed to match the levels of seasonal spam seen in the run-up to Christmas.
Both the scam and phishing categories doubled as a percentage of all spam in January 2010 compared to December 2009, with 419-Nigerian spam – whereby scammers request users host large sums of money while they move country with the promise of substantial returns – becoming more prevalent again. This accounted for 21 percent of all spam, which is the highest level recorded since the inception of this report.
Link to new report – State of Spam and Phishing
Build It And They Will Come…
… Shut it down and they will go. McColo.com, a hosting company, has been shut down. Just why is this good news? Well, the amount of spam the world sees has dropped by 65% over the course of 24 hours. How do we know this? Well, at Symantec we monitor this type of thing! Unfortunately, it won’t last; the spammers and botnet herders will move their operations quickly to somewhere else. However, the good news is that it is possible to make a significant dent in cyber-criminal operations by taking out the appropriate pieces.
So, the battle this time has been won, but the war is far from over.

There’s One Born Every Day…
How do we know… well, some researchers hijacked a spam network to find out. The figures were pretty amazing: only one response from every 12.5 million emails they sent. Over the course of 26 days they had 28 takers… so one a day, or near enough.
But… scaled up and out, that corresponds to a return of over £2 million per year, which is no small chunk of change.
What to do? Well, let’s face it, most people ignore spam, but there are still a few who do respond to it. (The real threats are coming from other areas, such as viruses and browser-based exploits.) But if you do get a spam email, (1) don’t respond to it and (2) don’t ask to be taken ‘off the list’ – as this will guarantee you as a target – as you have just validated your email address… and the fact you read them!
What Makes A Spam Trend?
Are the CNN and MSNBC spam emails that are going around at present a trend? Yes – this is an example of ‘brand jacking’, i.e. it leverages a popular and trusted brand. These particular examples also use another trend – current events. Eye-catching headlines around current events, particularly things like the Olympics and the US Presidential race, can make people click a link before they think about it, and when the email appears to come from a reputable sender, the likelihood of falling for it rapidly increases.
We are getting much better at not opening attachments from users we don’t know, so the spammers have moved on. Social engineering is the biggest weapon in the cyber-criminals’ arsenal and one of the easiest to beat. Rapid communication and education as to new threats are critically important. An email to staff on the new trend, just to make them think twice about clicking a link in an email, is a worthwhile investment. All staff need to become security aware – it’s not just a job for IT.
Spam, Spam, Spam, Spam – Not So Lov-er-ly Spam
Symantec released its latest report on spam. July’s results were a 12% increase, year-on-year, to 78% of all messages. As expected, the ‘big’ public interest events are still a big trend, so the Olympics and the US presidential race are up there along with ones targeting people’s fears for the economy and the old favourites of losing weight and superfoods.
One of the other trends that was ‘emerging’ before, and is now growing, is to hijack legitimate websites which then host the malware. Businesses should start checking not just that their website is up and running but also that it hasn’t been silently hacked and is not now being used as a tool for cyber-criminals. Cross-site scripting has been in the news a lot over the past few months – companies cannot afford to think it won’t happen to them; they need to change their policies today to ensure that they do not become part of the problem.
I’m Rich…
… OK, so there is a flaw in the plan, namely that I need to reply to someone in Singapore who has discovered some dormant investment accounts and I can get 25% if I help them get at the money. All sounds too familiar? Yes, it is that old phishing scam that we know and love; however, the twist here is that the letter arrived at my home address – it’s the same words as you would find in the ‘traditional’ email variety, just printed out and put in an envelope.
I wonder how many people will fall for this version… none I hope… and in the meantime it will cost the scammers the price of printing and posting – with luck they will be out of business shortly.

Happy Birthday Spam
This month marks 30 years since the first spam email message was sent. Back then the system could only cope with just over 300 email addresses at a time. The recipients gave the sender a hard time – they all sort of knew each other anyway!
My, how times have changed: more than 85% of email traffic today is spam, and billions of messages are sent every day. Back then it was a simple invite – where the sender wanted to see the recipients; today it is much darker, with one purpose in mind: making money. The past decade has seen an enormous rise in Internet users, spam and education as to the dangers of spam – but it doesn’t seem to matter: there are still people who open attachments or visit websites without a second thought to the potential consequences.
Anti-spam appliances and services have also grown up in the last decade and can virtually eliminate spam from arriving in the enterprise… new internet services offer ‘clean’ email feeds where spam is removed before it gets to the enterprise. Various consumer email providers also offer great anti-spam functionality… isn’t it time we all used something… or will we all still be complaining about spam 30 years from now?






