Spammers take aim at Christmas

Study reveals junk mail tactics becoming ever more sophisticated

Robert Jaques, vnunet.com 10 Nov 2004

Spammers are becoming increasingly clever and sophisticated in developing tactics to spread viruses, gain control of computers and encourage recipients to part with cash.

According to recently published research from content security firm Clearswift, phishing scams remain the spammers' most blatant use of social engineering.

As internet banking becomes more popular, phishing is becoming increasingly realistic in an attempt to exploit the lack of experience of many novice online bank users, Clearswift reported.

Although the study found that eBay cons are widespread, Citibank is still by far the biggest victim. Almost 50 per cent of mails in the 'scam' category are masquerading as communication from the US banking giant.

With Christmas around the corner, social engineering will come into its own, Clearswift warned. The firm predicts a rise in mails which specifically suggest the purchase of products as gifts for loved ones.

On a more sinister note, the report noted that the past two years have seen cyber-criminals use e-cards as a means of infiltrating Trojans onto desktops.

Employees are traditionally in a more relaxed mood as the festive season approaches, and organisations are advised to warn employees not to let their guard down.

The November Spam Index report noted that subject lines of 'Account number ###' or 'Your mortgage number ###' are also frequent, but rather less convincing, tricks.

Although these are far less likely to elicit money initially, confused email users might reply, thus confirming their email address and opening the door for a deluge of spam and viruses.

The Spam Index also shows that spammers have even turned to faith to instil credibility in their mails, offering finance from Christian organisations and using religious imagery.

An interesting new entrant onto the virtual market stall this month was identified as the Rolex watch, which now accounts for over five per cent of spam.

Yet the research found that software piracy is apparently not quite as acceptable. Spammers brazenly head up their mails with disclaimers such as 'Never use illegal office software' or 'It's illegal to use hacked Microsoft Office' to promote manifestly counterfeit products.

One group of particularly professional-looking mails draws on our inability to turn down freebies. These appear to offer expensive gifts such as a TV or laptop in return for sitting on a product review panel, quoting a plausible sounding name such as 'The Consumer Research Corp'.

Looking at the small print, these always come from an 'affiliate' of the company, making it harder to track down the sender's origin and reducing any legal link.

"It makes sense for spammers to target our weak spots," said Alyn Hockey, Clearswift's technical director.

"Although their success rate remains minimal, these constantly evolving tricks mean that organisations have to increasingly rely on robust email security software to filter out the rubbish."

See also: