|
It's Time to Cut Down on Spam
used with permission from Symantec
It’s no secret
that spammers count on current events to hoodwink email
users. In recent years, everything from the Beijing Olympics
to the presidential campaign of Barack Obama to the Oscar
ceremonies has provided fodder for their scams. But with the
economy in a tailspin, spammers are redoubling their
efforts. Continue reading to learn about the latest email
threats and what you can do to slow down and effectively
block them.
Beware of ‘economic spam’
As economic
concerns mount across the globe and media coverage of the
downturn intensifies, it’s clear that more and more spammers
view “economic spam” as a useful vehicle. According to a
recent Symantec State of Spam Report, emails with subject
lines such as “HURRY! I found you a new job” and “Global job
vacancy - apply now” are becoming increasingly common.
With more people
looking for employment, some spammers have even resorted to
using the rejection letter to dupe users. As the March 2009
State of Spam Report explained:
“In the particular
spam message observed, the messages states that
‘Unfortunately we have to inform you that your
qualifications and experience does not fit the position you
applied for.’ The URL links in the spam message point back
to a legitimate site of a particular company or recruitment
firm. The spam message indicates that ‘We have attached a
copy of your application you sent for us.’ If human
curiosity prevails and the recipient opens the attachment,
the user’s system becomes the subject of an attack from the
Hacktool. Spammer malicious virus. Hack-tool. Spammer is a
program that hackers use to attack mail boxes by flooding
them with email.”
Messages that
purport to be from the Internal Revenue Service are another
common ploy of spammers to gain personal information,
especially Tax Day in April. Lately, however, spammers have
started varying that tactic by encouraging recipients to
“Submit Your Economic Stimulus Payment Form.” One message
claims that “Economic Stimulus Grants are now available”
from the IRS. To claim this funding, the recipient is urged
to follow a Web link included in the message. According to a
“testimonial” on the spam link, “I found the grant I needed
and filled out the forms and sent them in and in about two
weeks I received a check in my hand for $100,000.”
It should be noted
that the IRS states on its website that it “does not
initiate communication with taxpayers through email.”
Other recent
scams
The dark cloud of the global recession may be providing
spammers with a silver lining, but that doesn’t mean they’re
ignoring other tactics. Among the recent scams observed by
Symantec researchers:
Swine Flu spam.
The Swine Flu outbreak in Mexico and across the world has
been making news headlines, with updates coming out from the
Centers for Disease Control and Prevention and the World
Health Organization. Symantec has been monitoring these
messages closely and has found that the top spam subject
lines related to this news coverage include certain keywords
such as: “Jolie caught swine flu,” “Swine flu in NY,”
“Madonna caught swine flu,” and “America against swine flu.”
Russian bride
spam. Following closely on the heels of Valentine’s Day
spam, a new wave of Russian bride spam has emerged.
Previously, recipients were encouraged to communicate over
email with a prospective bride. However, those who availed
themselves of this offer couldn’t be confident they were
speaking with a prospective bride. In recent Russian spam
messages, live video streaming has been suggested as a way
to overcome this issue. According to one spam email viewed
by Symantec, “Adding Live Video Streaming to your Live Chat
session is just like going on a date.”
Spring break
spam. Always timely, spammers are reminding us that
Spring is here with various vacation “offers.” The most
popular vacation offers are for Mexico (Cancun in
particular), Lake Tahoe, Arizona, South Carolina, and
multiple timeshares, with subject lines such as “Looking for
savings on a Mexico vacation? Book online” and “Visit Cancun
With A 3 Night Free Stay - No Purchases Required.”
Phony offers to
pay bloggers. Blogs are all the rage these days, so it
was only a matter of time before spammers jumped on the
bandwagon. One spam message observed by Symantec indicated
that “Freelance Writers Were Needed” to post in blogs “in
order to get paid 12 - 50 per hour.” However, logging in to
the “exclusive, members-only area” of the website requires
recipients to divulge personal contact information and
credit card details. The site creates a false sense of
security by featuring two logos that tout the supposed
reliability of dealing with this site.
Lawsuit scams.
With this kind of spam, it’s the spammers who are the
“ambulance chasers.” Take the case of Avandia, a drug first
approved by the Food and Drug Administration in 1999 to
treat diabetes. In February 2009, a spam message relating to
this drug was reported with the following subject line:
“Have You Taken AVANDIA? Important Lawsuit Information.” It
indicates that “If you or someone you know has taken Avandia
you or that someone or their family may be entitled to
monetary damages.”
High-performance protection against spam
Of course, spam isn’t just a distraction to employees; it’s
also a resource drain to IT departments and a risk to
information loss if an effective solution isn’t in place.
Symantec has several offerings to protect organizations from
spam, including Mail Security for Microsoft Exchange with
Premium AntiSpam and Brightmail Gateway Small Business
Edition. These leading antispam and email security products
detect spam with more than 97% effectiveness and false
positives of only one out of every million legitimate emails
scanned. Mail Security for Microsoft Exchange is also part
of the Symantec Protection Suite Small Business Edition.
In recent
interviews with organizations that have deployed Symantec
antispam technologies, research firm IDC has reported the
following benefits (“Uncovering the Hidden Costs of Spam,”
IDC, February 2009):
-
Cost avoidance
by not having to add antispam servers and email servers,
which increases energy consumption and administration
staff. This was accomplished despite the significant
growth in spam volumes during the past several years and
the steady growth in email users and subscribers.
-
Cost reduction
by reducing the time spent by IT staff dealing with
spam, email delivery, and denial of service (DoS)
attacks.
-
Improved
anti-spam efficiency and greater customer satisfaction
by reducing the amount of spam reaching user and
subscriber mailboxes.
Conclusion
If the latest Symantec Internet Security Threat Report is
any indication, spammers have never been more active. Over
the past year, Symantec observed a 192% increase in spam
detected across the Internet, from 119.6 billion messages in
2007 to 349.6 billion messages in 2008. In addition, bot
networks were responsible for the distribution of
approximately 90% of all spam email last year. For small and
midsize businesses in particular, spam should not be viewed
as “merely” an irritation. Spam squanders IT resources and
is a serious risk to information loss unless you take steps
to stop it. As it continues to clog networks, servers, and
inboxes with unwanted and often malicious content, spam
needs to be high up the priority lists of IT managers.
Organizations looking for cost-effective ways to minimize
the number of spam messages that reach email servers and
user mailboxes should consider Symantec Mail Security for
Microsoft Exchange with Premium AntiSpam or Symantec
Brightmail Gateway Small Business Edition. These products
provide high-performance mail protection against spam, virus
threats, and security risks while enforcing internal
policies for email communication |
