Report: Only One In 28 E-Mails Are Legitimate

IT security and control firm Sophos has published its report on the latest spam trends, and revealed the top 12 spam-relaying countries for the second quarter of 2008. SophosLabs research reveals a disturbing rise in the level of e-mail spam traveling across the Internet between April-June 2008, and how some spammers are now using Facebook and mobile phones to spread their messages.

By June 2008, research reveals that the level of spam had risen to 96.5 percent of all business e-mail. Having risen from 92.3 percent in the first three months of the year, corporations are now facing the fact that only one in 28 e-mail s is legitimate.

"If your company is on the Internet, it's going to be hard for it to do business unless it has an effective anti-spam defense in place. Otherwise the amount of junk mail will be swamping legitimate correspondence from your customers and suppliers," said Graham Cluley, senior technology consultant for Sophos. "It should be remembered also that some spam is not just a nuisance, but malicious in its intent -- trying to get you to click on an attached Trojan horse or lead you to a dangerous Web site. Organizations need a consolidated anti-spam and anti-malware solution at their gateway, updated around the clock to neutralize the latest Internet attacks."

Sophos also has discovered that spammers are increasingly using networking Web sites such as Facebook and LinkedIn to send their unwanted links to online stores and bogus lottery and financial scams.

"Spammers are finding themselves increasingly obstructed by corporate anti-spam defenses at the e-mail gateway. In a nutshell -- we're stopping the bad guys from getting their marketing message in front of their intended audience," Cluley said. "To get around this, we are seeing spammers exploiting networks like Facebook to plant spam messages on other peoples' profiles -- these don't just get read by the owner of the profile, but anyone else visiting his or her page."

In May, the LinkedIn business networking system was used by scammers seeking to swindle money from unwary corporate executives. On this occasion, the spammers offered a share of a non-existent $6.5 million inheritance fund, further highlighting the need for users to be vigilant to unsolicited approaches online.

Sophos experts note that the level of Facebook, Bebo and LinkedIn spam is still dwarfed by e-mail spam, but there is a growing trend for spammers to use other techniques to spread their messages.

Another growing method for spammers to spread their messages is via SMS texts sent to mobile phones.

In April, the switchboard of Dublin Zoo was swamped after at least 5,000 people were spammed an SMS text message to their mobile phones telling them to ring a number urgently and ask for a fictitious person. The number was that of the main phone line to Dublin Zoo and the fake names all animal-related (Rory Lion, Anna Conda, C Lion or G Raffe according to the news reports).

Curiously, zoos in Houston and Brownsville, Texas suffered from similar attacks in May.

Spamming a lot of people via text message is an effective way of generating a flash-flood denial-of-service attack against the telephone system of an organization you don't like. As mobile operators give away more and more "free texts per month" as part of their calling-plans, and make available SMS web gateways that can be exploited by hackers, we may see more spammers using SMS to clog up phone lines.

"Spear phishing," which involves messages that have been personalized to a specific domain or organization, has become more common in recent months. These e-mails will appear to come from a trusted source, such as a member of IT staff at the same company as the recipient, and ask for personal information or username and password confirmation. Those who reply to these messages will inadvertently be supplying information that the phisher can use for malicious purposes, such as identity fraud. Spear phishers generate the victims' addresses by using special software or using lists of employees found on the networks of social media sites such as Facebook or LinkedIn.

Victims of spear phishing attacks in recent months include: The University of Waterloo, Oak Ridge National Laboratory and the University of Minnesota. Financial institutions are also amongst the many organizations to have been on the receiving end of this kind of attack.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3