Report: Only One In 28 E-Mails Are Legitimate
IT security and control firm Sophos has published its report on the latest spam trends, and revealed the top 12 spam-relaying countries for the second quarter of 2008. SophosLabs research reveals a disturbing rise in the level of e-mail spam traveling across the Internet between April-June 2008, and how some spammers are now using Facebook and mobile phones to spread their messages.
By June 2008, research reveals that the level of spam had risen to 96.5 percent of all business e-mail. Having risen from 92.3 percent in the first three months of the year, corporations are now facing the fact that only one in 28 e-mail s is legitimate.
"If your company is on the Internet, it's going to be hard for it to do business unless it has an effective anti-spam defense in place. Otherwise the amount of junk mail will be swamping legitimate correspondence from your customers and suppliers," said Graham Cluley, senior technology consultant for Sophos. "It should be remembered also that some spam is not just a nuisance, but malicious in its intent -- trying to get you to click on an attached Trojan horse or lead you to a dangerous Web site. Organizations need a consolidated anti-spam and anti-malware solution at their gateway, updated around the clock to neutralize the latest Internet attacks."
Sophos also has discovered that spammers are increasingly using networking Web sites such as Facebook and LinkedIn to send their unwanted links to online stores and bogus lottery and financial scams.
"Spammers are finding themselves increasingly obstructed by corporate anti-spam defenses at the e-mail gateway. In a nutshell -- we're stopping the bad guys from getting their marketing message in front of their intended audience," Cluley said. "To get around this, we are seeing spammers exploiting networks like Facebook to plant spam messages on other peoples' profiles -- these don't just get read by the owner of the profile, but anyone else visiting his or her page."
In May, the LinkedIn business networking system was used by scammers seeking to swindle money from unwary corporate executives. On this occasion, the spammers offered a share of a non-existent $6.5 million inheritance fund, further highlighting the need for users to be vigilant to unsolicited approaches online.
Sophos experts note that the level of Facebook, Bebo and LinkedIn spam is still dwarfed by e-mail spam, but there is a growing trend for spammers to use other techniques to spread their messages.
Another growing method for spammers to spread their messages is via SMS texts sent to mobile phones.
In April, the switchboard of Dublin Zoo was swamped after at least 5,000 people were spammed an SMS text message to their mobile phones telling them to ring a number urgently and ask for a fictitious person. The number was that of the main phone line to Dublin Zoo and the fake names all animal-related (Rory Lion, Anna Conda, C Lion or G Raffe according to the news reports).
Curiously, zoos in Houston and Brownsville, Texas suffered from similar attacks in May.
Spamming a lot of people via text message is an effective way of generating a flash-flood denial-of-service attack against the telephone system of an organization you don't like. As mobile operators give away more and more "free texts per month" as part of their calling-plans, and make available SMS web gateways that can be exploited by hackers, we may see more spammers using SMS to clog up phone lines.
"Spear phishing," which involves messages that have been personalized to a specific domain or organization, has become more common in recent months. These e-mails will appear to come from a trusted source, such as a member of IT staff at the same company as the recipient, and ask for personal information or username and password confirmation. Those who reply to these messages will inadvertently be supplying information that the phisher can use for malicious purposes, such as identity fraud. Spear phishers generate the victims' addresses by using special software or using lists of employees found on the networks of social media sites such as Facebook or LinkedIn.
Victims of spear phishing attacks in recent months include: The University of Waterloo, Oak Ridge National Laboratory and the University of Minnesota. Financial institutions are also amongst the many organizations to have been on the receiving end of this kind of attack.