Saturday, March 08, 2008

Symantec releases March Spam and Scam Trends

Even though scams don't all originate on the Internet, a great majority of them do. If you ever want to figure out what scams are making their rounds, taking a look at spam analysis is a pretty good way of doing it.

Spam is the vehicle that most cyber misfits seem to prefer when trying to pull a fast one on the unwary. Fortunately, most of them are far from geniuses and all it takes is a little awareness to foil their attempts at trickery.

Of course, providing a little body armor for your system is highly recommended, also. Especially, if you are a Windows user.

Please note that when providing body armor for your system to make sure you are buying it from a reliable vendor. I see spam come-ons for so-called computer security software that might turn your system into a spam spewing zombie, steal all the information from it, or a combination of both.

Last week, Symantec released their March report. This report is a good resource to use to see what is going on in the wild world of spam, scams and malicious software.

Kelly Conley writes:

Social engineering was the driving force behind spammers during the month of February. While overall spam volume hovered steadily at 78.5% of email and tactics remained relatively the same, the use of events, big brands, and public figures drove spam campaigns during the month. The March State of Spam report highlights several of these.

Kelly brings up another point -- which is that despite the fact that scams frequently use technology as a tool -- they also rely on a healthy a dose of social engineering (trickery) to accomplish their intentional misdeed.

Predictably, the presidential candidates are a big lure:

Last month, spammers began to spread bogus links purporting to show a Hillary Clinton speech, but in actuality the links were cloaking a malicious Trojan. Most recently we’ve seen spammers leveraging the last remaining front-runners of the 2008 presidential elections; Obama, McCain, and Huckabee. Just what are spammers linking the candidates with? Everything from Viagra, porn, get-rich-quick schemes, and portable dewrinkle machines.

If you think about it, this shouldn't surprise very many of us. After all, the candidates are filling up our mailboxes with a lot of political spin and requests for financial support, also.

It's probably a good idea to be careful when clicking on a link in any unsolicited messages. Especially, when over 75 percent of all e-mail sent is spam.

Of course, politicians aren't the only human lures spammers use. Celebrities are pretty good "spam fodder," also.

The presidential candidates aren’t the only targets. Also seen were high profile names such as Michael Jackson, Heather Mills, and Indiana Jones to name a few. Spammers are using these names to spread malicious links to videos and the names being circulated are all currently high profile. Who hasn’t heard of the McCartney/Mills divorce or Britney Spears’ woes? The spammer is banking that you want to know more about these celebrities and are therefore leveraging their names to tempt you into opening the malicious link. These are fairly easy to spot because in most cases the names are misspelled. I wonder what Paul McCartney would think of his name more closely resembling a martini (Maccartni)?
It never ceases to amaze me that spammers can't spell. A common demoninator in most scam letters is that a lot of words are misspelled. Especially, the variety that orginate out of Internet cafes in third world countries.

Other notable trends in the lures being used are International Women's Day and (too good to be true) offers of free tickets from Southwest Airlines.

The monthly reports normally includes an amusing, or not so amusing (reader's choice) "hall of shame" category. This month the mortgage crisis is being used, with a sick twist:

As economic conditions have slowed in recent months, Symantec has observed a torrent of spam messages encouraging users to “refinance before its too late,” ”take out a mortgage for the lowest APR ever,” or “this is the time to be the proud owner of your house.” While the deluge of finance spam continues, spammers have also decided to diversify their sales portfolio to include the buying and selling of burial plots. Talk about an idea to get out from being buried, no pun intended. As the message indicates, the U.S. national average price for a burial plot in 1978 was $200 and this has risen to $4500 in 2008. “Get started today” – adverts say – “because tomorrow could be too late”.
In case you missed the link to the full report (above), it can be seen (with some interesting screenshots), here.

1 comment:

michael said...

Isn't it pathetic that our email programs cannot highlight a hyper link to an .exe file?

Should I have to view as source every email?